What is XSETUP.exe Trojan? And how does it function?
XSETUP.exe Trojan is a new Trojan horse infection discovered by security researchers. Its purpose is to connect to various third-party sites without users’ consent and ask them to subscribe to various services. Once you allow them, you will begin to see notifications appearing out of nowhere, as well as an increased number of ads displayed in your browser.
As mentioned, the main goal of this Trojan horse is to get you to open it. Once opened, the Trojan will configure a Group Policy in Google Chrome so that it will be hard for you to delete the notifications it displays on your web browser. Its first notification aims to get you to grant it notification permissions on your browser. For instance, you will see the following message on your Google Chrome browser:
“[website] wants to:
Show Notifications.
Allow Block”
Once you click on the Allow button, the malware is triggered and will start to display more notifications. These are mostly displayed by the XSETUP.exe Trojan and mostly relate to fake online dating sites that may be of a phishing character. Clearly, the purpose of such sites is to obtain your personal information, which might then be stolen by the crooks behind XSETUP.exe Trojan.
In addition, the notifications might also display several other pop-ups that could redirect you to dangerous websites like:
- Scamming websites
- Websites that will phish for your important data
- Websites displaying tech support scams
- Websites that could directly infect your system
What’s more, this Trojan could also perform other, much more malicious activities, like getting files from your hard drive, taking screenshots of your screen, logging your keystrokes and even obtaining information about the passwords you’ve saved on your computer.
How does XSETUP.exe Trojan proliferate?
XSETUP.exe Trojan proliferates via fake software or fake software updates that are found on malicious websites. More often than not, cyber crooks use this kind of tactic to spread malicious threats like XSETUP.exe Trojan, so you need to be careful when you install programs or updates, especially if they come from unknown sources. It is better to download and install software or updates from a trusted and reliable source instead of third-party ones.
Carefully follow the removal guide laid out below so you can remove the XSETUP.exe Trojan from your system successfully.
Step 1: Restart your PC and boot into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Step 2: Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt hit Enter.
Step 3: After loading the Command Prompt type cd restore and hit Enter.
Step 4: After cd restore, type in rstrui.exe and hit Enter.
Step 5: A new window will appear, and then click Next.
Step 6: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state before being infected with the XSETUP.exe Trojan. A dialog box will appear and then click Yes.
Step 7: After System Restore has been completed, open the Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for the malicious processes such as Win32/Prifou.exe, wscript.exe, UpdateTask.exe and other malicious components of XSETUP.exe Trojan and end them all.
Step 8: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK to open the list of installed programs. From there, look for any malicious program that could be related to the Trojan horse and then Uninstall it.
Step 9: Tap Windows + E keys to open the File Explorer then navigate to the following directories and delete the malicious files created by XSETUP.exe Trojan as well as the installer for PriceFountain.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 10: Close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name]; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 11: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 12: Navigate to the paths listed below and delete all the registry values added by XSETUP.exe Trojan.
- HKLM\SOFTWARE\Policies\Google\Chrome\NotificationsAllowedForUrls
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Step 13: Close the Registry Editor and empty your Recycle Bin.
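A read-only way to review the Step 12 locations before deleting anything, given here as an added example that is not part of the original guide. The function name `Get-RegistryValueReport` and the check against the Step 9 directories are assumptions of this example; the script lists values and removes nothing.

```powershell
# Added example: read-only audit of the registry locations named in Step 12.
$paths = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\NotificationsAllowedForUrls',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories from Step 9. Treating an autorun entry that points into one of
# them as worth a closer look is a heuristic assumed for this example.
$watchDirs = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
)

function Get-RegistryValueReport {
    param([string[]]$KeyPath, [string[]]$WatchDir)
    foreach ($key in $KeyPath) {
        # A missing key is normal (e.g. no Chrome policy configured); skip it.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            $expanded = [Environment]::ExpandEnvironmentVariables($data)
            $hit = $false
            foreach ($dir in $WatchDir) {
                if ($dir -and
                    $expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $hit = $true
                }
            }
            # For the Chrome policy key, Data is the URL pattern allowed to
            # show notifications; for Run/RunOnce it is the command line.
            [pscustomobject]@{
                Key                = $key
                Name               = $name
                Data               = $data
                PointsToWatchedDir = $hit
            }
        }
    }
}

Get-RegistryValueReport -KeyPath $paths -WatchDir $watchDirs |
    Format-Table -AutoSize -Wrap
```

Run it from a PowerShell window and compare the output against what you expect to be installed; saving the output first gives you a record of what was present before cleanup.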
After you’re done with the steps given above, you need to continue the XSETUP.exe Trojan removal process using a reliable program like [product-name]. How? Follow the advanced removal steps below.
Perform a full system scan using [product-code]. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly; doing so brings up the Advanced Option.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.