PBot Removal Guide

Do you know what PBot is?

PBot is not a unique infection, but the kind that we do not see all that often. It works as an advertising-supported program – which we see many of – but one that is on serious steroids. If this threat manages to slither into your operating system, it can silently modify the content you see on any website you visit to expose you to scams, malicious links, and malware installers. Obviously, this is the kind of malware you do not want to find on your operating system. If you do – and you are likely to find that out with the help of a legitimate malware scanner – you need to delete it as soon as possible. The bad news is that detecting this malware can be problematic. The good news is that removing PBot should not be. Our research team created a guide that should help, and you can always add a comment below if you have more questions for us.

Who dropped PBot onto your computer? That is the kind of question you need to ask yourself whenever you face an infection. This malicious threat, according to our research team, is dropped by an exploit kit. An exploit kit is designed to exploit a known vulnerability within the operating system, browser, or software. The one we are discussing in this case drops a downloader that sends PBot to the vulnerable system, and that can be done silently, without alerting the victim at all. That means that you are unlikely to notice when this infection slithers in, and that gives it full power to act maliciously. The most interesting component that belongs to this malware is called “settings.ini,” and inside this file one can find websites that are white-listed, which means that the adware does not affect them. Evidently, these sites are Russian, which suggests that the adware itself was created by Russian cyber attackers.

It was found that PBot malware performs man-in-the-browser (MITB) attacks, which allows it to manipulate data shared between the browser and its security mechanism. According to our research, the infection is likely to affect such files as Amigo.exe, Browser.exe Chrome.exe, Chromium.exe, Firefox.exe, Iexplore.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe, and Opera.exe. Basically, the infection could inject malicious scripts into trustworthy websites that are accessed via the browsers that these .exe files represent. To make things easier for itself, PBot can even forge the certificate of the websites that are visited. The infection could be used to display advertisements, but it could also be used to modify the websites in a way that would allow cyber criminals to steal, for example, online bank account login information. Needless to say, this is the kind of malware you want deleted as soon as possible.

How did you find out about PBot? Maybe you found the components of this unfamiliar program, and you investigated the matter further. Maybe you randomly decided to scan your operating system to check if it is clean. However that happened, if you found this adware, you need to get rid of it as soon as possible. First, you must scan your operating system to check if other threats exist. If they do not, focus on deleting PBot. You can uninstall this threat via Control Panel, or you can get rid of its components using the manual removal instructions below. Afterward, you need to quickly reset the passwords of your most sensitive accounts because you do not want cyber criminals taking advantage of them. Finally, you MUST install reliable security software to stop uninvited programs from slithering into your PC without your knowledge in the future.

Delete PBot from Windows

  1. Simultaneously tap Win+E keys to launch Windows Explorer.
  2. Enter %APPDATA% into the bar at the top and tap Enter to access the directory.
  3. Right-click and Delete these components:
    • webrun.exe
    • MinerBlocker folder
    • MinerBlockerupd folder
  4. Simultaneously tap Win+R to launch RUN and then enter regedit.exe into the dialog box to access Registry Editor.
  5. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Right-click and Delete these entries:
    • MinerBlocker
    • MinerBlocker_upd
  7. Empty Recycle Bin.
  8. Install a trusted malware scanner to check if you have successfully cleaned your operating system.

In non-techie terms:

There is no doubt that you want to remove PBot from your operating system. But how should you do it? Our research team recommends eliminating this adware piece by piece using the guide you can see above, but you could also uninstall it as a regular application. That being said, you must understand that PBot is not a regular app, and you need to be cautious about it. Since you might not know when this malware got in, you are at a huge risk because as long as this adware is active, you can be exposed to malware, fake ads, and scams. Removing the threat is important, but it is just as important that you reset your passwords afterward to make sure that your accounts cannot be hacked. Also, installing anti-malware software is strongly recommended because you want reliable protection against malware and adware in the future.