Remove Easeware.Driver.exe Virus (Removal Guide)

Easeware.Driver.exe (also known as Zcash Miner) is a Trojan that uses the power of your CPU to mine the Zcash (ZEC) digital currency. It gets onto the computer through a hijacked installer of the Driver Easy application, without the permission of that application’s developers. Once installed, it is executed by scheduled tasks and starts wreaking havoc immediately: your processor is abused to mine Zcash. The CPU overheats because of that and, sooner or later, slowdowns and crashes start happening. If you let this go on long enough, it may cause irreparable damage to the CPU.

Keep in mind that an executable named C:\Windows\SysWOW64\Easeware.Driver.exe is installed with this threat. It is launched with the command line C:\Windows\SysWOW64\Easeware.Driver.exe -l zec-eu1.nanopool.org:6666 -u t1PNAHGdyDAhsdMT1ysFxFrshBZv5MayhsJ/ic -p x -t 1, and you can also see the Easeware.Driver.exe processes in the Task Manager. If they’re there, you can be completely certain that your system is compromised by this malware. As you can see, it’s detrimental to both your computer and your user experience, so you should avoid letting it onto your PC. The good news is that this is not very hard.
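The check described above can be scripted. The following PowerShell is an added example, not part of the original guide or of any vendor tool: it is read-only and reports running processes and scheduled tasks that match the file name, install path and pool host quoted in this guide. The function names are hypothetical.

```powershell
# Added example: read-only triage for the indicators named in this guide.
# Run from an elevated PowerShell prompt so every process command line is visible.
# Requires PowerShell 3.0+; Get-ScheduledTask needs Windows 8 / Server 2012 or later.

$FileName = 'Easeware.Driver.exe'                      # file name from the guide
$FullPath = 'C:\Windows\SysWOW64\Easeware.Driver.exe'  # install path from the guide
$PoolHost = 'zec-eu1.nanopool.org'                     # pool host from the guide's command line

function Get-MinerProcess {
    # Win32_Process exposes both the image path and the full command line.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object {
            $_.Name -ieq $FileName -or
            ($_.CommandLine -and $_.CommandLine -like "*$PoolHost*")
        } |
        ForEach-Object {
            [pscustomobject]@{
                Finding     = 'Process'
                ProcessId   = $_.ProcessId
                ParentId    = $_.ParentProcessId
                Path        = $_.ExecutablePath
                PathMatches = ($_.ExecutablePath -ieq $FullPath)
                CommandLine = $_.CommandLine
            }
        }
}

function Get-MinerScheduledTask {
    # The guide says the miner is started by scheduled tasks, so inspect every
    # task action for the file name or the pool host.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Non-exec actions have no Execute/Arguments; they yield an empty string.
            $launch = "$($action.Execute) $($action.Arguments)"
            if ($launch -like "*$FileName*" -or $launch -like "*$PoolHost*") {
                [pscustomobject]@{
                    Finding  = 'ScheduledTask'
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    State    = $task.State
                    Launches = $launch.Trim()
                }
            }
        }
    }
}

$findings = @(Get-MinerProcess) + @(Get-MinerScheduledTask)
if ($findings.Count -eq 0) {
    'No process or scheduled task matches the indicators from this guide.'
} else {
    $findings | Format-List
}
```

A renamed copy of the binary will not match on file name, which is why the process check also looks at the pool host in the command line.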

Go to dubious pages only when really necessary and don’t install new browser extensions and plugins without gathering some information about them first. Download files and torrents from trustworthy sources with good reputation and pick Custom installation to put new software on the PC – doing that allows you to uncheck all the components that might turn out to be harmful. That’s pretty much all you need to do to keep threats of this kind at bay. Don’t put yourself under unnecessary risks while surfing the Internet and everything should be fine and dandy going forward.

Common symptoms of Easeware.Driver.exe trojan

  • You’re getting various types of pop-ups or alert messages.
  • Your PC is running slowly.
  • Your anti-virus or firewall software stops working.
  • You’re redirected multiple times to suspicious third-party websites.
  • The Trojan can change your default browser homepage, search engine and other browser settings.
  • Some installed applications won’t start.
  • Your files can be removed or encrypted.
  • You can’t connect to the Internet or it runs slowly.
  • The computer starts to act on its own without your permission.

Sources of Easeware.Driver.exe trojan infection

  • Spam emails that contain malicious attachments or hyperlinks.
  • Compromised websites that have exploit code injected in their web pages.
  • Vulnerabilities in unpatched Windows operating system.
  • Vulnerabilities in outdated web browsers.
  • Drive-by downloads.
  • Fake Flash Player update websites.
  • Installing pirated software or operating systems.
  • Facebook spam messages that contain malicious attachments or links.
  • Malicious SMS messages (trojan may target mobile devices).
  • Malvertising campaigns (pop-up and banner ads).
  • Self-propagation (spreading from one infected PC to another via LAN networks).
  • Infected game servers.
  • Botnets.
  • Peer-to-peer networks.

My PC is infected with Easeware.Driver.exe! What should I do?

STEP 1. Create an image of your system and back up important files

Some trojan viruses have hidden scripts that may overwrite or even delete some system files once a certain period of time has passed after infiltration. We strongly recommend creating a backup of all of your important data before trying to remove the trojan from your system.

STEP 2. Scan Your Computer With Anti-Malware Program

Restart your computer in Safe Mode with Networking. You can find step-by-step instruction here on our website – “How to start Windows in Safe Mode with Networking”.

If you have an antivirus software running on your computer, please check for its updates and scan your system. If the problem still persists, download and install one of the recommended anti-malware tools to automatically remove Easeware.Driver.exe and other malware threats from your PC.

Remove Viruses with Plumbytes Anti-Malware

1. You should download the Plumbytes Anti-Malware installer to scan your computer for any trojans and other malware that might have infected your computer. Plumbytes Anti-Malware is trusted software that can detect and remove most security threats, including malware, adware, PUPs, trojans, worms and rootkits.

2. Double-click the downloaded “antimalwaresetup.exe” installation file to launch it.

3. Click the “Install” button to start the installation process. The setup wizard will automatically start downloading the necessary program files to your computer. Once the download is complete, Plumbytes Anti-Malware will be installed automatically. The entire installation process takes only 2-3 minutes.

4. Once installed, Plumbytes Anti-Malware will automatically update its antivirus signatures database and then start smart system scan to detect all malware, adware, spyware and other security threats.

5. You will see the detailed list of security threats and potentially unwanted applications detected on your PC. Click “Remove Selected” button to clear your PC from malicious files, adware and potentially unwanted applications.

If you want to purchase Plumbytes Anti-Malware license key, you can apply PLUMNGZ250 coupon code in order to get a 50% discount.


Double-Check your PC with SpyHunter 4 Anti-Malware

6. You can double-check your computer with SpyHunter Anti-Malware in order to remove any leftover malware and ransomware traces. SpyHunter 4 is considered as one of the best and most effective anti-virus tools today. Click the following link to download SpyHunter installation package or just click the download button below.

7. Double-click the downloaded “SpyHunter-Installer.exe” file to start the installation process.

8. When the installation starts, the Setup Wizard will offer a few options and settings that you may want to configure. We recommend just clicking “Next” button to accept the default application settings. You can check out our detailed SpyHunter 4 Anti-Malware Setup & User Guide which can help you to go through the installation process and provide important information about malware scans and program settings.

9. Once the installation is complete, SpyHunter 4 will automatically update its antivirus database and latest virus definitions. Next, SpyHunter 4 Quick Scan will automatically check your computer for any malware, adware, spyware and other security threats.

10. You will see the detailed list of viruses and potentially unwanted applications detected on your PC. Click “Next” button to clear your PC from malicious files, adware and PUPs.


Alternate Recommended Anti-Malware Tools

The following awesome full-scale anti-malware products also have proved their effectiveness against all types of malware and adware. However, some of these anti-malware programs don’t provide a free trial version, and you’ll have to purchase a license key in order to clean your computer from the detected malware and PUPs.

1. HitmanPro.Alert: Download | Our Review – 30-Day Free Trial

2. Malwarebytes Anti-Malware: Download | Our Review – 14-Day Free Trial

3. Emsisoft Anti-Malware: Download | Our Review – 30-Day Free Trial

4. WiperSoft Antispyware: Download | Our Review

5. OSHI Defender AntiMalware: Download | Our Review


Remove Easeware.Driver.exe Trojan Manually (Removal Guide)

Notice: The manual removal guide is recommended for experienced PC users only. Incorrect modifications to Windows operating system settings, the Windows Registry or browser settings may result in system failures or software errors.

We’ve created this detailed removal guide to help you manually remove Easeware.Driver.exe and any other viruses from your computer. Please carefully follow all the steps listed in the instruction. We’ve attached detailed screenshots, video guides and descriptions for your convenience. If you have any questions or issues, please contact us via email, public forum or online contact form. You can also add your comments to this guide below.

Windows 10

Remove Trojan from Windows 10


Easeware.Driver.exe removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet in order to download the tools that can help you remove the Easeware.Driver.exe trojan from your PC.

You can start Windows 10 in Safe Mode with Networking using one of the easy methods below. Depending on the type of trojan, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into Safe Mode.

The easiest method for booting into Safe Mode with Networking is to use the Advanced options settings.

Click Windows button in the bottom-left corner and select Power option, then hold Shift key and click Restart.

Your computer will be rebooted once again. You will see the following window with a few options. Select Troubleshoot option.

Next, select Advanced options.

Go to Startup Settings in the Advanced options window.

Click Restart button.

Your computer will be rebooted once again. You will see the Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Networking and press F5 to activate this mode. The Safe Mode with Networking option lets you access the Internet in order to download the software that can help you remove malware from your PC.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Easeware.Driver.exe malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by trojan

Once an exploit kit infiltrates into your computer, it downloads and installs trojan files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the trojan virus:

  • %TEMP%\
  • %APPDATA%\
  • %ProgramData%\
  • %UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with trojan infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

Press Windows + R to open the Run dialog, then type regedit or regedit.exe into the Open: field. Click the OK button or press the Enter key.

When you open the Registry Editor for the first time, you’ll see a treeview on the left-hand side that contains all of the registry keys, with values and data on the right-hand side.

Once Registry Editor is open, you need to find and remove the registry keys and values created by the trojan infection.

Press Ctrl + F (or go to Menu –> Edit –> Find) to open the Find bar.

Look up the names of the files associated with trojan threat affecting your PC and type it into “Find what:” text box. Select all checkboxes and then click Find Next button.

Right-click on the located registry entry and click Delete from the context menu. Repeat this process for each of the registry entries associated with the malware or adware.

Click Yes button in the confirmation window.

Check the following auto-startup registry locations for suspicious entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Next, check the HKEY_CURRENT_USER folder for suspicious registry keys.

To remove all traces of trojan, you need to delete the malicious registry keys associated with it.
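The folder check in STEP 3 and the registry check in STEP 4 can be done as a read-only inventory before anything is deleted. The PowerShell below is an added example, not part of the original guide: it lists recently modified files of the listed types in the four folders and dumps the auto-startup values from the listed keys under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The function names and the 30-day look-back window are assumptions.

```powershell
# Added example: read-only inventory for STEP 3 and STEP 4. Nothing is deleted.
# Requires PowerShell 4.0+ (Get-FileHash). Only the top level of each folder is listed.

$FileName    = 'Easeware.Driver.exe'                               # file name from the guide
$Extensions  = '.cmd', '.btm', '.bat', '.bmp', '.dll', '.exe'      # types listed in STEP 3
$Folders     = $env:TEMP, $env:APPDATA, $env:ProgramData, $env:USERPROFILE
$RunKeyTails = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'  # keys listed in STEP 4

function Get-CandidateFile {
    param([int]$Days = 30)   # assumed look-back window; widen it if the infection is older
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($folder in $Folders) {
        Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $Extensions -contains $_.Extension.ToLower() -and
                $_.LastWriteTime -ge $cutoff
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    # Signature status and hash help decide what to submit to a scanner.
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue).Hash
                }
            }
    }
}

function Get-AutostartEntry {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($tail in $RunKeyTails) {
            $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$tail"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $item = Get-Item -LiteralPath $key
            foreach ($name in $item.GetValueNames()) {
                $data = [string]$item.GetValue($name)
                [pscustomobject]@{
                    Key        = $key
                    Value      = $name
                    Data       = $data
                    NamesMiner = ($data -like "*$FileName*")
                }
            }
        }
    }
    # Userinit is a value under the Winlogon key, not a key of its own.
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = [string](Get-ItemProperty -LiteralPath $winlogon).Userinit
    [pscustomobject]@{
        Key        = $winlogon
        Value      = 'Userinit'
        Data       = $userinit
        NamesMiner = ($userinit -like "*$FileName*")
    }
}

Get-AutostartEntry | Format-Table -AutoSize -Wrap
Get-CandidateFile  | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

Review every row, not only those where NamesMiner is True: that flag only catches entries that still use the file name from this guide.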

(Optional) Easeware.Driver.exe removal using Safe Mode with Command Prompt

If you can not start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if System Protection feature is enabled on your Windows 10 computer. You can find more information about System Protection feature in the following article on our website.

Click the Windows Start button in the bottom-left corner and select Power option, then hold Shift key and click Restart.

Your computer will be restarted once again. You will see the following window with a few options. Select Troubleshoot option.

Next, select Advanced options.

Go to Startup Settings in the Advanced options window.

Click Restart button.

Your computer will be rebooted once again. You will see the Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Command Prompt and press F6 to activate this mode.

Once your computer restarts, an MS-DOS black command prompt window will appear. Type cd restore using command prompt and press Enter.

Type rstrui.exe in the next line and press Enter.

Check if System Restore window opens and click Next button to continue.

Select a restore point with the date prior to malware infection and click Next button.

Click Finish button to confirm your restore point.

Click Yes button in the confirmation window.

Windows 8

Remove Trojan from Windows 8.1


Easeware.Driver.exe removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet in order to download the tools that can help you remove the Easeware.Driver.exe trojan from your PC.

You can start Windows 8.1 in Safe Mode with Networking using one of the methods described below. Depending on the type of trojan, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

The easiest method for booting into Safe Mode with Networking is to use the Advanced options settings.

Click the Windows Start button to open the Start screen. Type in Advanced and select Change advanced startup options from the Search results list.

Go to Update and recovery –> Recovery and click Restart now button.

Once your computer restarts successfully, you will see a window with three options available. Select Troubleshoot option.

Next, select Advanced options.

Next, go to Startup Settings.

Click Restart button.

Your computer will be rebooted once again. You will see the Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Networking and press F5 to activate this mode. The Safe Mode with Networking option lets you access the Internet in order to download the tools that can help you remove the trojan from your PC.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Easeware.Driver.exe malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by trojan

Once an exploit kit infiltrates into your computer, it downloads and installs trojan files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the trojan virus:

  • %TEMP%\
  • %APPDATA%\
  • %ProgramData%\
  • %UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with trojan infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

Press Windows + R to open the Run dialog, then type regedit or regedit.exe into the Open: field. Click the OK button or press the Enter key.

When you open the Registry Editor for the first time, you’ll see a treeview on the left-hand side that contains all of the registry keys, with values and data on the right-hand side.

Once Registry Editor is open, you need to find and remove the registry keys and values created by the trojan infection.

Press Ctrl + F (or go to Menu –> Edit –> Find) to open the Find bar.

Look up the names of the files associated with trojan threat affecting your PC and type it into “Find what:” text box. Select all checkboxes and then click Find Next button.

Right-click on the located registry entry and click Delete from the context menu. Repeat this process for each of the registry entries associated with the malware or adware.

Click Yes button in the confirmation window.

Check the following auto-startup registry locations for suspicious entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Next, check the HKEY_CURRENT_USER folder for suspicious registry keys.

To remove all traces of trojan, you need to delete the malicious registry keys associated with it.

(Optional) Easeware.Driver.exe removal using Safe Mode with Command Prompt

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if System Protection feature is enabled on your Windows 8 computer. You can find more information about System Protection feature in the following article on our website.

Click the Windows Start button to open the Start screen. Type Advanced in the Search field and select Change advanced startup options.

Go to Update and recovery –> Recovery and click Restart now button.

Once your computer restarts successfully, you will see a window with three options available. Select Troubleshoot option.

Next, select Advanced options.

Choose Startup Settings in the advanced options.

Click Restart button.

Your computer will be restarted once again. You will see the Startup Settings window with different advanced troubleshooting modes.

Select Enable Safe Mode with Command Prompt and press F6 to activate this mode.

After your computer restarts, an MS-DOS black command prompt window will appear. Type cd restore using command prompt and press Enter.

Type rstrui.exe in the next line and press Enter.

Check if System Restore window opens and click Next button to continue.

Select a restore point with the date prior to malware infection and click Next button.

Click Finish button to confirm your restore point.

Click Yes button in the confirmation window.

Windows 7

Remove Trojan from Windows 7


Easeware.Driver.exe removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet in order to download the tools that can help you remove the Easeware.Driver.exe trojan from your PC.

You can start Windows 7 in Safe Mode with Networking using one of the easy methods below. Depending on the type of trojan, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

Restart your computer. While your PC restarts, immediately press and hold F8 key.

Use the arrow keys to highlight Safe Mode with Networking on the Advanced Boot Options screen. Hit Enter key.

Your computer will boot up in safe mode with a black blank screen and with the words “Safe Mode” in all four corners.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Easeware.Driver.exe malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by trojan

Once an exploit kit infiltrates into your computer, it downloads and installs trojan files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the trojan virus:

  • %TEMP%\
  • %APPDATA%\
  • %ProgramData%\
  • %UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with trojan infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

Press Windows + R to open the Run dialog, then type regedit or regedit.exe into the Open: field. Click the OK button or press the Enter key.

When you open the Registry Editor for the first time, you’ll see a treeview on the left-hand side that contains all of the registry keys, with values and data on the right-hand side.

Once Registry Editor is open, you need to find and remove the registry keys and values created by the trojan infection.

Press Ctrl + F (or go to Menu –> Edit –> Find) to open the Find bar.

Look up the names of the files associated with trojan threat affecting your PC and type it into “Find what:” text box. Select all checkboxes and then click Find Next button.

Right-click on the located registry entry and click Delete from the context menu. Repeat this process for each of the registry entries associated with the malware or adware.

Click Yes button in the confirmation window.

Check the following auto-startup registry locations for suspicious entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Next, check the HKEY_CURRENT_USER folder for suspicious registry keys.

To remove all traces of trojan, you need to delete the malicious registry keys associated with it.

(Optional) Easeware.Driver.exe removal using Safe Mode with Command Prompt

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if System Protection feature is enabled on your Windows 7 computer. You can find more information about System Protection feature in the following article on our website.

Restart your computer. During your PC boot process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then use arrow keys to select Safe Mode with Command Prompt from the list. Hit Enter key.

After your computer restarts, an MS-DOS black command prompt window will appear. Type cd restore using command prompt and press Enter.

Type rstrui.exe in the next line and press Enter.

Check if System Restore window opens and click Next button to continue.

Select a restore point with the date prior to malware infection and click Next button.

Click Finish button to confirm your restore point.

Click Yes button in the confirmation window.

Windows XP

Remove Trojan from Windows XP


Easeware.Driver.exe removal using Safe Mode with Networking

Why choose this reboot method instead of the common Safe Mode? The Safe Mode with Networking option lets you access the Internet in order to download the tools that can help you remove the Easeware.Driver.exe trojan from your PC.

You can start Windows XP in Safe Mode with Networking using one of the easy methods below. Depending on the type of trojan, one of the described start methods may not work properly.

STEP 1: Start your PC in Safe Mode with Networking

If you have a new computer with UEFI BIOS and SSD hard drive, pressing both F8 and Shift+F8 keys may not work for you to get into safe mode.

Restart your computer. While your PC restarts, immediately press and hold F8 key.

Use the arrow keys to highlight Safe Mode with Networking on the Advanced Boot Options screen.

Hit Enter key. If you have multiple operating system installed, select Windows XP and press Enter key.

Your computer will boot up in safe mode with a black blank screen and with the words “Safe Mode” in all four corners.

Click Yes button to proceed to work in safe mode.

STEP 2: Download Anti-Malware Software

Once you are in Safe Mode with Networking, launch your web browser and download a trusted anti-virus or anti-malware software to scan your PC for Easeware.Driver.exe malicious files and processes. If you don’t want to purchase an anti-malware software license, you can simply scan your system for viruses, and then manually remove the detected malicious files.

Our short guide below will explain how to show hidden files, folders and file extensions on your hard drive file system.

STEP 3: Remove malicious files installed by trojan

Once an exploit kit infiltrates into your computer, it downloads and installs trojan files into your system.

You should manually check the following system folders for the batch (.cmd, .btm, .bat), bitmap (.bmp), DLL (.dll) and executable (.exe) files that could be created by the trojan virus:

  • %TEMP%\
  • %APPDATA%\
  • %ProgramData%\
  • %UserProfile%\

STEP 4: Clean your Windows Registry (for experienced users only)

It’s strongly recommended to clean your Windows Registry to remove all entries associated with trojan infection. Windows Registry contains all the settings and information for the software applications and user accounts in your Windows operating system. You need to launch Registry Editor utility to make changes to registry.

Press Windows + R to open the Run dialog, then type regedit or regedit.exe into the Open: field. Click the OK button or press the Enter key.

When you open the Registry Editor for the first time, you’ll see a treeview on the left-hand side that contains all of the registry keys, with values and data on the right-hand side.

Once Registry Editor is open, you need to find and remove the registry keys and values created by the trojan infection.

Press Ctrl + F (or go to Menu –> Edit –> Find) to open the Find bar.

Look up the names of the files associated with trojan threat affecting your PC and type it into “Find what:” text box. Select all checkboxes and then click Find Next button.

Right-click on the located registry entry and click Delete from the context menu. Repeat this process for each of the registry entries associated with the malware or adware.

Click Yes button in the confirmation window.

Check the following auto startup folders for suspicious registry keys:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Next, check the HKEY_CURRENT_USER folder for suspicious registry keys.

To remove all traces of the trojan, you need to delete the malicious registry keys associated with it.
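
The manual checks in STEP 3 and STEP 4 can be gathered in one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original guide: it assumes PowerShell is available on the machine, assumes the HKEY_CURRENT_USER check covers the same Run-type sub-keys as HKEY_LOCAL_MACHINE, and uses the file name and SysWOW64 path this guide gives for the threat; the variable names are illustrative.

```powershell
# Read-only audit for STEP 3 and STEP 4: lists items to review, deletes nothing.
$indicator = 'Easeware.Driver.exe'                 # file name given in this guide
$knownPath = Join-Path $env:windir "SysWOW64\$indicator"

# STEP 3: the file types and folders the guide names (top level only, no recursion).
$extensions = '.cmd', '.btm', '.bat', '.bmp', '.dll', '.exe'
$folders    = $env:TEMP, $env:APPDATA, $env:ProgramData, $env:USERPROFILE
$files = foreach ($folder in $folders) {
    # %ProgramData% is not defined on every Windows version; skip missing folders.
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $extensions -contains $_.Extension.ToLower() } |
        Select-Object FullName, Length, LastWriteTime
}

# STEP 4: the Run-type keys listed above, under both HKLM and HKCU (assumption).
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $valueName; Command = $item.GetValue($valueName)
            }
        }
    }
}

# Winlogon\Userinit normally holds only the path to userinit.exe plus a trailing comma.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit

# Report: everything found, then the autorun entries that name the indicator file.
'Known miner path present: {0}' -f (Test-Path -LiteralPath $knownPath)
'Userinit value: {0}' -f $userinit
$files    | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
$autoruns | Format-Table Key, Name, Command -AutoSize -Wrap
$autoruns | Where-Object { "$($_.Command)" -like "*$indicator*" } |
    ForEach-Object { 'MATCH in {0} -> {1}' -f $_.Key, $_.Name }
```

Sorting the file list by last-write time puts the most recently dropped files first, which helps narrow the review to the period when the symptoms started.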

(Optional) Easeware.Driver.exe removal using Safe Mode with Command Prompt

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore using Safe Mode with Command Prompt.

This method works only if the System Protection feature is enabled on your Windows XP computer. You can find more information about the System Protection feature in the following article on our website.

Restart your computer. During your PC boot process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then use arrow keys to select Safe Mode with Command Prompt from the list.

Hit the Enter key. If you have multiple operating systems installed, select Windows XP and press the Enter key.

After your computer restarts, an MS-DOS black command prompt window will appear. Type C:\Windows\system32\Restore\rstrui.exe using command prompt and press Enter.

Check if System Restore window opens and click Next button to continue.

Select a restore point with the date prior to malware infection and click Next button.

Click Next button to confirm your restore point.

Restore previous versions of the files encrypted by Easeware.Driver.exe trojan

To restore files encrypted by the trojan, try using the Windows Previous Versions feature. This recovery method is only effective if the System Restore option was enabled on your Windows operating system. Notice: some types of trojan are known to remove Shadow Volume Copies of the files, so this method may not work on your computer.

Please check out our “How to Restore Previous Versions of a File” step-by-step guide for more information.


Recover your files using ShadowExplorer program

You can also try using third-party software to recover files deleted, damaged or encrypted by a trojan attack. We recommend installing ShadowExplorer version 0.9 – this tool is free and user-friendly. ShadowExplorer lets you browse through the Shadow Copies of your files created by the Windows Volume Shadow Copy Service. Notice: some types of trojan are known to remove Shadow Volume Copies of the files, so this method may not work on your computer.

Please read our ShadowExplorer installation and user’s guide for additional information about this useful application.


How to Prevent Trojan Infections?

Security Tips to Protect Your Computer against Trojans:

  • Back up your important data on a regular basis. Use an external hard drive and/or a cloud service for backups.
  • Turn on System Restore feature in your operating system.
  • Disable macros in Microsoft Office suite (Word, Excel, PowerPoint, etc.).
  • Install a Microsoft Office viewer to check a downloaded Word or Excel document without macros.
  • Configure your webmail to automatically block attachments with extensions like .exe, .vbs, and .scr.
  • Don’t open attachments in emails that look suspicious.
  • Don’t click any links in spam and suspicious emails.
  • Don’t click suspicious hyperlinks and don’t open adult photos or videos received in social networks or instant messengers.
  • Patch your Windows operating system regularly.
  • For daily use, don’t use Windows user account with administrative privileges.
  • Enable “Show File Extensions” option in order to see what types of files you open. Stay away from suspicious files with extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Trojan files often can look like they have two extensions – e.g., “.pdf.exe”, “.avi.exe” or “.xlsx.scr” – so pay attention to the files of this sort.
  • Disable Windows PowerShell framework.
  • Disable Windows Script Host (WSH) technology.
  • Use the Windows Group or Local Policy Editor to create Software Restriction Policies to disable executable files running from AppData, LocalAppData, Temp, ProgramData and Windows\SysWow folders.
  • Disable file sharing to make sure that the trojan virus will stay isolated to infected PC only.
  • Disable Remote Desktop Protocol (RDP).
  • Switch off unused Bluetooth or infrared ports.
  • Keep the Windows Firewall turned on and properly configured.
  • Use a trusted trojan-blocking anti-malware software and keep its database up-to-date.
  • Keep your web browsers up-to-date.
  • Remove outdated and unnecessary browser extensions, plugins and add-ons.
  • Keep Adobe Flash Player, Java, and other important software up-to-date.
  • Always scan compressed or archived files for viruses.
  • Use strong passwords that can’t be easily brute-forced.
  • Install an AdblockPlus browser extension to block pop-up ads and warnings, as they are also used to spread trojan exploits.
  • Deactivate AutoPlay to stop malicious processes from starting automatically from external drives, such as external hard drives or USB memory sticks.
