Do you know what SLICKSHOES is?
If you are an individual Windows user, SLICKSHOES should not be a problem. However, if you work for a large company or a government agency, this is a threat that you need to be aware of. We do not dismiss the possibility that this threat could go rampant and infect anything and everything in its way, which is why all Windows users need to build defenses against it. If this malicious infection invades the system successfully, and it is most likely to do that along with other threats, it could be used to drop other malware files. According to our research team, this dangerous trojan has been linked to the infamous Lazarus/Hidden Cobra group, which is believed to work on behalf of the North Korean government. Of course, regardless of who is operating the malware, it must be deleted. Continue reading to learn how to identify and remove SLICKSHOES.
It appears that SLICKSHOES is distributed by exploiting Themida, a self-proclaimed Advanced Windows software protection system that is meant to protect software developers from having their products cracked. The trojan comes packed with Themida, and once it is inside the targeted system, it decodes itself and drops a malicious embedded file named taskenc.exe in the %WINDIR%\Web\ folder. This .exe file is operated as a remote administration tool (RAT), and SLICKSHOES is a beacon-style implant. It can be used to manipulate files and processes, download files, execute commands and processes, and even capture screenshots. All of this is done to gather intelligence. If cybercriminals are successful at deploying this dangerous malware, they might be able to steal sensitive information and further infect systems with malware. It is hard to say what kinds of other threats could be dropped by the trojan, but if you discover it, you must scan your operating system. Employ a trusted malware scanner, and it will let you know what other threats you might need to delete from your system.
Since SLICKSHOES is most likely to be employed by state actors in North Korea, we assume that the targets of this malware are most likely to be strategically chosen companies, organizations, and government departments. Cyberwarfare is the chosen method of state-focused attacks these days, and infections like SLICKSHOES can facilitate them. Unfortunately, there are plenty of other threats that can be employed. Other malicious tools that have been linked to Hidden Cobra attacks include ARTFULPIE, BISTROMATH, CROWDEDFLOUNDER, HOPLIGHT, HOTCROISSANT, VOLGMER, etc. All of these infections have unique traits and can assist cybercriminals in different ways. While some threats are built for spying, others are built for stealing sensitive data or enabling remote control. Needless to say, the companies and government organizations that could be targeted by SLICKSHOES and similar threats know that they are vulnerable, and that is why they build strong security teams for protection. Unfortunately, sometimes cybercriminals are one step ahead and are able to attack successfully.
Whether you are part of a larger network or an individual Windows user, if you discover SLICKSHOES, you need to delete this dangerous infection immediately. You also need to inspect your operating system to check whether there are other threats that require removal too. Most likely, additional threats exist. Furthermore, you have to figure out how to secure your operating system to prevent similar attacks in the future. For these reasons, our recommendation is that you implement anti-malware software you can trust. This software will automatically delete SLICKSHOES and all other threats that might exist. It will also secure your system. If you would prefer to get rid of the trojan yourself, check out the guide below.
Remove SLICKSHOES from Windows
- Simultaneously tap Win and E keys to launch File Explorer.
- Type %WINDIR% into the field at the top and tap Enter.
- If you can find a folder named Web with taskenc.exe inside, right-click the file and select Delete.
- Exit File Explorer and then Empty Recycle Bin.
- Immediately install a trusted malware scanner to scan your system for other threats.
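The same check can be scripted so that the file's hash, signature status and any running copy are recorded before it is deleted. This is an added example, not part of the original guide; it assumes an elevated PowerShell session, and the `-Remove` switch is a hypothetical name chosen here.

```powershell
# Added example: triage the artifact named in the guide before removing it.
param([switch]$Remove)   # hypothetical switch: delete only when explicitly requested

# Path and file name as given in the article.
$target = Join-Path $env:WINDIR 'Web\taskenc.exe'

if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
    Write-Output "Not found: $target"
    return
}

# Record evidence first: metadata, SHA-256 and Authenticode status.
$file = Get-Item -LiteralPath $target -Force
$hash = Get-FileHash -LiteralPath $target -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -LiteralPath $target

[pscustomobject]@{
    Path      = $file.FullName
    SizeBytes = $file.Length
    Created   = $file.CreationTimeUtc
    Modified  = $file.LastWriteTimeUtc
    SHA256    = $hash.Hash
    Signature = $sig.Status
} | Format-List

# A running copy keeps the file locked, so list processes started from that path.
$running = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -eq $target }
$running |
    Select-Object ProcessId, ParentProcessId, CreationDate, CommandLine |
    Format-Table -AutoSize

if ($Remove) {
    # Stop any running copy, then delete the file itself (not the Web folder).
    foreach ($p in $running) { Stop-Process -Id $p.ProcessId -Force }
    Remove-Item -LiteralPath $target -Force
    Write-Output "Removed: $target"
}
```

Run it once without `-Remove` to keep the output for the incident record, then again with `-Remove`, and follow with the malware scan from the last step.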
In non-techie terms:
SLICKSHOES is a dropper trojan that is most likely to be used by state actors from North Korea. The attackers are known as Hidden Cobra or Lazarus, and they have used a ton of different tools to invade operating systems, steal information, drop malware, hijack systems and networks, and perform other illicit and dangerous actions. Our hope is that the targets of this malware are aware of it and can build strong defenses against it. If you are an individual Windows user, it is unlikely that you will need to bother with the removal of SLICKSHOES, but in the world of malware everything is possible, which is why you also need to upgrade your virtual security. We suggest installing anti-malware software that could automatically secure your system and delete active infections.