How to remove BlackMoon

What is BlackMoon

BlackMoon is a notorious banking trojan that has been targeting users since its emergence in 2014. Its primary objective is to steal sensitive payment-related data, particularly the login credentials of online banking accounts. Over the years, this malware has evolved significantly, adapting its methods of infiltration and attack to remain effective. It typically achieves its malicious goals by injecting harmful code into web browsers, altering website appearances, and redirecting users to phishing sites that mimic legitimate ones. Initially, it focused on customers of South Korean banks, but its reach has since expanded. BlackMoon also poses risks to other types of accounts, including those for money transfers, e-commerce, and social media. The presence of BlackMoon on a device can lead to severe privacy breaches, financial losses, and potential identity theft. Users are advised to employ robust cybersecurity measures to protect themselves from this sophisticated threat.

How BlackMoon infected your system

BlackMoon, a notorious banking trojan, primarily infiltrates computers through sophisticated phishing and social engineering tactics. Cybercriminals often disguise this malware in seemingly legitimate email attachments or links, enticing users to unknowingly initiate its download. Additionally, BlackMoon spreads via backdoor or loader-type trojans, which stealthily introduce the malware into the system. Drive-by downloads, a method where malicious software is automatically downloaded to a device without the user’s consent or knowledge, also play a significant role in its distribution. Unsuspecting users who download software from untrustworthy sources, like freeware sites and peer-to-peer networks, further facilitate its spread. Once embedded, BlackMoon can inject malicious code into browsers, aiming to harvest sensitive login credentials and financial information.

1. Download BlackMoon Removal Tool
2. Use Windows Malicious Software Removal Tool to remove BlackMoon
3. Use Autoruns to remove BlackMoon
4. Files, folders and registry keys of BlackMoon
5. Other aliases of BlackMoon
6. How to protect from threats, like BlackMoon

Remove BlackMoon manually

Manual removal of BlackMoon by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.

Remove BlackMoon using Windows Malicious Software Removal Tool

1. Type mrt in the search box near Start Menu.
2. Run mrt clicking on found item.
3. Click Next button.
4. Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
5. Click Next button.
6. Click on View detailed results of the scan link to view the scan details.
7. Click Finish button.

Remove BlackMoon using Autoruns

BlackMoon often sets up to run at Windows startup as an Autorun entry or Scheduled task.

1. Download Autoruns using this link.
2. Extract the archive and run Autoruns.exe file.
3. In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
4. Search for suspicious entries with weird names or running from locations like: C:\{username}\AppData\Roaming.
5. Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
6. Switch to Scheduled Tasks tab and do the same.
7. To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.

Remove files, folder and registry keys of BlackMoon

BlackMoon files and folders


{randomname}.exe


BlackMoon registry keys


no information


Aliases of BlackMoon

How to protect from threats, like BlackMoon, in future

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove BlackMoon. However, if you got infected with BlackMoon with existing and updated security software, you may consider changing it. To feel safe and protect your PC from BlackMoon on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender