Counter.wmail-service.com is a Command & Control (C&C) server for VenomSoftX malware, a dangerous JavaScript-based RAT (remote access trojan) and cryptocurrency hijacker. VenomSoftX focuses on stealing cryptocurrency and clipboard contents, fingerprinting the affected machine, downloading additional payloads, and executing commands.
ViperSoftX makes use of malicious browser extensions that have complete access to every page a victim visits. To hide from users, the extension disguises itself as “Google Sheets 2.1”, “Google Docs 1.0” or another extension that appears legitimate.
The ViperSoftX malware carries out man-in-the-browser attacks by altering the information in API requests on the most popular cryptocurrency exchanges, which allows the attacker to swap cryptocurrency addresses. It also steals credentials and clipboard contents and alters cryptocurrency addresses on websites that are visited.
To test your computer for malware and then remove it for free, follow the instructions below.
Removal Instructions for Counter.wmail-service.com Trojan
To remove Counter.wmail-service.com Trojan from your computer, follow these steps:
- Step 1: Use Rkill to end malicious processes
- Step 2: Remove malicious programs from your PC
- Step 3: Remove malicious browser policies from Windows
- Step 4: Remove malicious files and folders from Windows
- Step 5: Reset your browser’s settings to default
- Step 6: Use Malwarebytes to remove trojans and browser hijackers
- Step 7: Use HitmanPro to scan your PC for rootkits, malware and other threats
- Step 8: Use AdwCleaner to remove adware and malicious browser policies
Step 1: Use Rkill to stop malicious processes
In this first step, we download and run Rkill to stop any malicious processes that are running on your computer.
RKill is a tool created by BleepingComputer.com that stops known malware processes so that your regular security software can run and clean your PC of infections. When RKill runs, it kills malware processes, removes incorrect executable associations, and fixes policies that prevent users from using certain tools.
- Download Rkill.
You can download RKill to your computer by following the link. On the download page, click the Download Now button labelled iExplore.exe. The file is a renamed copy of Rkill (iExplore.exe), because certain malware won’t allow applications to run unless they have a specific file name.
- Run RKill.
Once you’ve downloaded the file, double-click the iExplore.exe icon to end malicious processes. In most cases, downloaded files are saved in the Downloads folder.
The program may take a while to find and close malware processes. Once it’s finished, the black window will close automatically and a log file will open. Don’t restart your computer. Continue with the next step of this guide.
Step 2: Remove malicious programs from your computer
In this step, we check whether any suspicious or malicious programs are installed on the system. Sometimes browser hijackers and adware have a usable Uninstall entry that can be used to remove them.
- Press the Windows key + I to open the Settings app.
To begin, open Windows Settings by pressing Windows + I on your keyboard. You can also right-click the Start button and choose “Settings” from the menu.
- In the Settings app, click “Apps” and then “Apps & features”.
After the Settings window opens, click “Apps” in the sidebar, then choose “Apps & features”.
- Find the malicious program in the list of installed programs and remove it.
In the Apps & features settings, scroll through the list and look for unknown or suspicious applications. To make the program easier to find, you can sort the installed applications by install date: click “Sort by” and select “Install date”.
Look for any suspicious program that could be behind the problem: anything you don’t remember downloading or that doesn’t look like a legitimate program. If you find a malicious program, click the three-dots icon next to it and select “Uninstall” from the menu that appears. If you’ve checked your computer and didn’t find any malicious programs, you can move on to the next step of this guide.
- Follow the steps to remove the program.
In the next message box, confirm the uninstallation by clicking Uninstall, then follow the prompts to remove the malicious program.
Read all of the prompts carefully, because some malicious programs try to sneak things in, hoping that you won’t read them closely.
If you have difficulty uninstalling an application, you can use Revo Uninstaller to completely remove the unwanted program from your PC.
Once the malicious programs have been removed from your PC, we can move on to the next step of this guide.
Step 3: Remove malicious browser policies from Windows
In this third step, we will open Command Prompt as Administrator and run the following commands to remove the malicious policies that were created by the malware.
- Open Command Prompt as Administrator.
To open Command Prompt as an administrator in Windows, type “cmd” in the search box, then right-click the Command Prompt result and choose “Run as administrator”.
A User Account Control (UAC) prompt will appear, asking for permission to start the program. Click “Yes”.
- Run commands to remove malicious policies from Windows
You’ll see a black window known as the “Administrator Command Prompt”. This is where you type commands and press the Enter key on your keyboard.
Type the following commands, pressing Enter after each one:
- Type RD /S /Q "%WinDir%\System32\GroupPolicyUsers" and press the Enter key on your keyboard.
- Type RD /S /Q "%WinDir%\System32\GroupPolicy" and press the Enter key on your keyboard.
- Type gpupdate /force and press the Enter key on your keyboard.
Once the malicious policies have been removed, we can continue with the remaining steps, including changing your browser settings back to their defaults.
Step 4: Remove malicious files and folders from Windows
In this fourth step, we’ll manually find and remove malicious scheduled tasks and folders from your computer.
- Remove the malicious scheduled tasks.
This malware may create a malicious scheduled task in Task Scheduler to make sure that it is automatically restored every five minutes after it is deleted. The task may run regularly so that the malware cannot be removed from your computer.
- Search for “Task Scheduler” in Windows search. You can also open Task Scheduler by pressing Windows + R, typing “taskschd.msc” and pressing Enter.
- In the Task Scheduler window, go to the Task Scheduler Library on the left.
- Find the suspicious scheduled task in the task list. It may have a random-looking name (e.g. Chrome_Policy or Chrome_Bookmarks), or it may stand out as a suspicious or unknown task. Right-click the malicious task and choose “Delete” from the menu.
- Remove malicious files located in the AppData\Roaming directory
We are now going to delete the malicious files located in the AppData\Roaming folder.
- Search for “Run” in Windows search, or press Windows + R to open the Run dialog.
- In the Run text box, type %AppData% and click OK. Windows will open the Roaming folder, which is inside the AppData folder.
- In the AppData\Roaming folder, find and delete any unknown folders with names such as Markets, Energy, Bloom, and Travel (note that the actual names on your PC may differ, but you should look for folders with similar names).
- Remove malicious files located in the AppData\Local folder
The next step is to remove the malicious folders located in the AppData\Local folder, as well as the malicious Chrome browser extension.
- Search for “Run” in Windows search, or press Windows + R to open the Run dialog.
- In the Run text box, type %localappdata% and click OK. Windows will open the AppData\Local directory, which is inside the AppData folder.
- In the AppData\Local directory, find and delete the WindowsApp and ServiceApp folders.
Then, find the Google folder and go to Google > Chrome > User Data > Default (or Profile) > Extensions. Find the malicious extension’s folder inside the Extensions folder and delete it. It may have a random-looking name, or stand out as an unknown or suspicious extension.
Now that we’ve manually removed the malicious files and tasks from your system, you can move on to the next step.
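Added example (not part of the original guide): a read-only PowerShell audit of the locations named in Steps 3 and 4, so you can see what is present before deleting anything. The five-minute trigger check, the AppData path check and the version-agnostic extension-name pattern are assumptions used as review hints, not verdicts.

```powershell
# Read-only audit of the artefacts named in Steps 3 and 4. Nothing is deleted.
# Run from an elevated PowerShell window so every scheduled task is visible.
$findings = @()
function Add-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
}

# Step 3: local Group Policy folders that the RD commands remove.
foreach ($dir in "$env:WinDir\System32\GroupPolicyUsers", "$env:WinDir\System32\GroupPolicy") {
    if (Test-Path -LiteralPath $dir) {
        $files = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue)
        $findings += Add-Finding 'Policy folder' $dir "$($files.Count) file(s)"
    }
}

# Step 4: scheduled tasks. The names are the guide's examples; the five-minute
# repetition and AppData checks are assumed review hints and also hit benign tasks.
$taskNames = 'Chrome_Policy', 'Chrome_Bookmarks'
foreach ($task in @(Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    $exec = @($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
    $intervals = @($task.Triggers | ForEach-Object { $_.Repetition.Interval })
    $reasons = @()
    if ($taskNames -contains $task.TaskName) { $reasons += 'name from guide' }
    if ($intervals -contains 'PT5M')         { $reasons += 'repeats every 5 minutes' }
    if ($exec -match 'AppData')              { $reasons += 'runs from AppData' }
    if ($reasons) {
        $findings += Add-Finding 'Scheduled task' "$($task.TaskPath)$($task.TaskName)" "$($reasons -join ', '): $exec"
    }
}

# Step 4: folder names the guide lists (actual names on a given PC may differ).
$folders  = @('Markets', 'Energy', 'Bloom', 'Travel' | ForEach-Object { Join-Path $env:APPDATA $_ })
$folders += @('WindowsApp', 'ServiceApp' | ForEach-Object { Join-Path $env:LOCALAPPDATA $_ })
foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        $findings += Add-Finding 'Folder' $folder 'present'
    }
}

# Step 4: Chrome extensions whose manifest name and version look like the disguises
# the guide names ("Google Sheets 2.1", "Google Docs 1.0"). Matching any version
# number is an assumption; localized names (__MSG_...__) are not resolved.
$manifests = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\*\Extensions\*\*\manifest.json'
foreach ($file in @(Get-ChildItem -Path $manifests -ErrorAction SilentlyContinue)) {
    try   { $m = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop | ConvertFrom-Json }
    catch { continue }
    $label = "$($m.name) $($m.version)"
    if ($label -match '^Google (Sheets|Docs) [\d.]+$') {
        $findings += Add-Finding 'Chrome extension' $file.Directory.FullName $label
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty table means none of the named artefacts were found in these locations; it does not replace the scans in Steps 6 to 8.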
Step 5: Reset your browser’s settings to default
In this step, we’ll remove unwanted notifications and malicious extensions and restore any settings that the malware may have changed to their defaults.
Note that this method removes extensions, toolbars, and other settings, but keeps your bookmarks and favorites intact. For each browser installed on your system, follow that browser’s instructions to reset it.
Reset Chrome for Windows to its default settings
We’ll now reset Chrome’s settings to their defaults. This resets your startup page, new tab page, search engine, and pinned tabs. It also disables all extensions and clears temporary data such as cookies. Your history, favorites and saved passwords are not cleared.
- Click the three dots in the upper right corner, then click “Settings”.
Open Chrome and click the menu button (represented by three dots) in the top-right corner of the window. In the dropdown menu that opens, select “Settings”.
- Click “Advanced”.
Chrome’s “Settings” should now open in a new tab or window, depending on your configuration. In the left-hand sidebar, click the “Advanced” link.
- Click “Reset and clean up”.
In the sidebar, under the “Advanced” section, click “Reset and clean up”.
- Choose “Reset settings to their original defaults”.
In the main window, the “Reset and clean up” section is now visible. Click “Reset settings to their original defaults”.
- Select “Reset settings”.
A confirmation dialog will appear, describing the components that will be restored to their default state if you continue with the reset. To complete the process, click the “Reset settings” button.
- (Optional) Reset Chrome Data Sync.
If a malicious extension reinstalls itself even after a browser reset, you have the additional option of resetting your browser’s sync data. To do that, go to chrome.google.com/sync and click the Clear Data button.
Step 6: Use Malwarebytes to remove malware and browser hijackers
In this step, we run a full scan with Malwarebytes Free to remove any malware, infections, or other potentially unwanted programs that may be on your PC.
Malwarebytes is one of the most popular anti-malware applications for Windows, and for good reason. It can remove all kinds of malware that other programs tend to miss, without costing you anything. When it comes to cleaning an infected device, Malwarebytes has always been free, and we highly recommend it as an essential tool in the fight against malware.
- Download Malwarebytes for Windows.
You can download Malwarebytes from its website.
- Double-click the Malwarebytes setup file.
After Malwarebytes has finished downloading, double-click the MBSetup file to install Malwarebytes on your PC. In most cases, downloaded files are saved in the Downloads folder.
A User Account Control pop-up may ask whether you want to allow Malwarebytes to make changes to your device. If so, choose “Yes” to continue the installation of Malwarebytes.
- Follow the prompts on screen to install Malwarebytes.
When the installation begins, you will see the Malwarebytes setup wizard, which guides you through the installation process. The installer first asks what type of computer you’re installing the program on; select either Personal Computer or Work Computer.
Then click “Install” to install Malwarebytes on your PC.
When the installation is complete, the program opens to the Welcome to Malwarebytes screen.
- Click on “Scan”.
Malwarebytes is now installed on your PC. To begin a scan, click the “Scan” button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
- Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your PC for browser hijackers and other malicious programs. This can take several minutes, so we suggest you take a break and check the scan’s progress periodically to see when it’s done.
- Click on “Quarantine”.
When the scan has finished, Malwarebytes displays a screen listing the malware, adware, and potentially unwanted programs it has detected. To remove the adware and other malicious programs that Malwarebytes has found, click the “Quarantine” button.
- Restart your computer.
Malwarebytes will now remove all of the malicious files and registry keys that it has found. To complete the removal, Malwarebytes may ask you to restart your computer.
Step 7: Use HitmanPro to scan your computer for rootkits, malware and other threats
In this step, we’ll scan your PC with HitmanPro to verify that no malicious programs are running on your device.
HitmanPro is a second-opinion scanner that takes a cloud-based approach to malware scanning. HitmanPro examines the behavior of active files, as well as files in locations where malware is typically found, for suspicious activity. If it finds a suspicious file that isn’t already known, HitmanPro sends it to its cloud servers to be scanned by two of today’s best antivirus engines, Bitdefender and Kaspersky.
Although HitmanPro is shareware that costs $24.95 for one year on one PC, there is no limit on the number of scans. The restriction only applies when you need to remove or quarantine detected malware with HitmanPro on your system; at that point, you can use the 30-day trial to enable the cleanup feature.
- Download HitmanPro.
You can download HitmanPro via the download link on its website.
- Install HitmanPro.
After HitmanPro has finished downloading, double-click “hitmanpro.exe” (for 32-bit versions of Windows) or “hitmanpro_x64.exe” (for 64-bit versions of Windows) to install the application on your PC. In most cases, downloaded files are saved in the Downloads folder.
A User Account Control pop-up may ask whether you want to allow HitmanPro to make changes to your device. If so, select “Yes” to continue the installation.
- Follow the prompts on screen.
When HitmanPro starts, you will see the Start screen. Click the “Next” button to run a system scan.
- Wait for the HitmanPro scan to complete.
HitmanPro will begin to scan your computer for malware.
- Click “Next”.
When HitmanPro has finished the scan, it displays a list of the malware it found. Click the “Next” button to have HitmanPro remove the detected items.
- Select “Activate free license”.
HitmanPro may now need to activate its free 30-day trial to remove the malicious files. To do so, click the “Activate free license” button to start the 30-day trial and remove all malicious files from your PC.
When the malware removal process is complete, HitmanPro displays a screen showing the status of the programs that were removed. On this screen, click the Next button and, if prompted, click the Reboot button. If HitmanPro doesn’t prompt you to restart, just click the Close button.
Step 8: Use AdwCleaner to remove adware and malicious browser policies
In this last step, we’ll download and run AdwCleaner to remove the malicious browser policies that browser hijackers created on your PC and to remove malicious browser extensions.
AdwCleaner is a popular, free on-demand scanner that can detect and remove malware that even the most well-known antivirus and anti-malware programs fail to find. This on-demand scanner includes several tools that can be used to fix the side effects of adware, browser hijackers and other malware.
- Download AdwCleaner.
You can download AdwCleaner from its website.
- Double-click the setup file.
Double-click the file named “adwcleaner_x.x.x.exe” to start AdwCleaner. In most cases, downloaded files are saved in the Downloads folder.
AdwCleaner will now start and show its license agreement. After you have read it, click I accept if you want to continue. If Windows asks whether you want to run AdwCleaner, allow it to run.
- Enable “Reset Chrome policies” to remove malicious browser policies.
When AdwCleaner has started, click “Settings” on the left side of the window and then turn on “Reset Chrome policies”.
- Click the “Scan” button.
On the left side of the AdwCleaner window, click “Dashboard” and then click “Scan” to scan your computer.
- Wait for the AdwCleaner scan to complete.
AdwCleaner will check your computer for any malware. The process can take up to a couple of minutes.
- Click “Quarantine” to remove malware.
When the AdwCleaner scan has completed, it displays the full list of items it found. Click the “Quarantine” button to remove the malicious programs from your computer.
- Click “Continue” to remove the malware.
AdwCleaner will remind you to save any open files or data, because it needs to close all running applications before it starts cleaning. Click the “Continue” button to complete the removal process.
AdwCleaner will now remove all detected malware from your PC. When the removal is complete, you may be asked to restart your PC.
Your computer should now be free of the Counter.wmail-service.com Trojan and other malicious programs.
If your current antivirus allowed this malware onto your PC, it is recommended to look into buying the full-featured version of Malwarebytes Anti-Malware to protect against such threats in the future.
If you’re still having problems with your computer after completing the steps above, try the following:
- Run a system scan with Emsisoft Emergency Kit
- Ask for help in the Windows Malware Removal Support forum.
How To Stay Safe Online and Avoid Malware
Here are 10 security tips that will help you keep malware out and secure your device:
Use a reputable antivirus program and keep it updated.
It’s crucial to use a good-quality antivirus and keep it updated to stay ahead of the latest cyber threats. We’re big fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile phones. Malwarebytes complements your standard antivirus, filling in any gaps in its defenses and giving you extra protection against sneakier security threats.
Keep operating systems and software up to date.
Keep your operating system and software up to date. When an update is released for your system, download and install it as soon as you can. Updates usually contain security fixes, vulnerability patches and other necessary maintenance.
Be careful when installing software and applications.
Pay close attention to installation screens and license agreements when installing any software. Advanced or custom installation options usually reveal any third-party software that is also being installed. Take care at every step of the process and make sure you understand what you’re agreeing to before you click “Next”.
Install an ad blocker.
Use a browser-based content blocker such as AdGuard. Content blockers help block malicious advertisements, Trojans, phishing, and other unwanted content that an antivirus program can’t stop on its own.
Be careful what you download.
A main goal of cybercriminals is to lure users into downloading programs or applications that carry malware or attempt to steal data. The malware can be disguised as an application, anything from a well-known game to something that tracks the weather or traffic.
Be alert for people who are trying to scam you.
Whether it’s a message, your phone or another application, always be alert and on guard for anyone trying to trick you into clicking on links or responding to messages. Be aware that phone numbers can be spoofed, so a familiar name or number does not make a message more trustworthy.
Make backups of your data.
Back up your data regularly and check that the backups can be restored. You can do this manually with an external HDD or USB stick, or automatically with backup software. This is also the most effective way to counter ransomware. Do not connect the backup drive to a PC if you believe that the system is infected with malware.
Choose strong passwords.
Create unique and secure passwords for all your accounts. Avoid personal information and easily guessed words in your passwords. Make sure you always enable two-factor authentication (2FA) for your accounts.
Be careful where you click.
Be careful when clicking links or downloading attachments from unknown sources. They could contain malware or phishing scams.
Do not use pirated software.
Avoid Peer-to-Peer (P2P) file-sharing software, cracks, keygens and other pirated software, which can often compromise your privacy, your data or both.
To stay safe from potential dangers when surfing the web, it is essential to follow these basic safety guidelines. By doing so, you can protect yourself from many of the unpleasant surprises that can occur when using the internet.