Remove Trojan.Win32.Runner.amo, Trojan.Win32.Runner.amo Manual Removal

By Expert Jeffrey Simon on Dec 25,2013

Reasons for Trojan.Win32.Runner.amo Affection

Hundreds of thousands of PC users are complaining about Trojan.Win32.Runner.amo issues and seeking help to remove it due to the fact that anti-virus programs helped to pick it up without the ability to remove it from computers. More PC users are falling into the victim group after being deceived by a link on Facebook which is supposed to direct to some famous sites. No matter how soon a target realize the link is a spam to close the entire browser (Internet Explorer, Google Chrome, Safari, Opera, Mozilla Firefox), an immediate alert will be given away warning about Trojan.win32.runner.amo affection.

Besides the above mentioned reason for Trojan.Win32.Runner.amo affection, there are other reasons that could contribute to its infiltration:

  1. Loose secure defense with either weak anti-virus programs or modified system configurations.
  2. Out-of-date installed programs or build-in applications, especially the ones associated with web.
  3. Loopholes/exploits left out by PC users.
  4. Previous infections that haven’t been completely removed yet.

Intrusive Trojan.Win32.Runner.amo

It can be a disaster to be infected with Trojan.Win32.Runner.amo. According to the detected file and directories by anti-virus program, trojan.win32.runner.amo has been found to attach vicious codes to C:\Drivers\, C:\Program Files\ and c:\windows\system32\driverstore\ as well as to generate files in the following places:

  1. %Temp%\Trojan.Win32.Runner.amo
  2. %AppData% Trojan.Win32.Runner.amo
  3. %LocalAppData%\Trojan.Win32.Runner.amo
  4. %LocalAppData%\Trojan.Win32.Runner.amo.exe
  5. %CommonAppData%\Trojan.Win32.Runner.amo


  • %Temp% refers to the Windows Temp folder;
  • %AppData% refers to current users Application Data folder.
  • %CommonAppData% refers to Application Data folder for All Users Profile.
  • %LocalAppData% refers to current users Local settings Application Data folder.
  • %CommonAppData% refers to Application Data folder in the All Users profile.)

It can be clearly told that Trojan.Win32.Runner.amo has put its vicious codes into the kernel part of a machine and affected drivers to manipulate build-in functionality, which is one of the reasons why installed anti-virus programs as well as other security utilities are failed in removing Trojan.Win32.Runner.amo. Rootkit technique, one of the commonly employed techniques by Trojan, is also adopted in the work of assisting pivotal part of Trojan.Win32.Runner.amo in escaping detections by cleansing logs.

Such invasive infiltration enables Trojan.Win32.Runner.amo to arouse problems as listed below:

  • Installed antivirus programs may work improperly.
  • Certain type of web sites, anti-virus related ones particularly are not able be opened.
  • Malicious codes and generated autorun.inf ( ) files are added into computer settings.
  • Termination of running applications might happen all of a sudden unreasonably.
  • Innumerable malicious spam emails with infected links or attachments might be received.
  • Windows OS can't be updated.
  • Error messages might be caught in sight.
  • Abnormal browser performance is detected including random pop ups, search redirect issue and the like.

One thing worth additional attention is that Trojan.Win32.Runner.amo is capable of opening up backdoor to mainly serve as a passage to transfer collected information stored on target machine. In passing it has been found to be detected by sniffers equipped on other infections and be utilized for other invasions. To sum up, trojan.win32.runner.amo is recommended to be removed as soon as possible so as to withhold as much damage as possible. Below is the manual method offered to help.


Recommended Instruction to Remove Trojan.Win32.Runner.amo

1. Run full scan to remove any possible items.  

2. Show hidden files and folders and remove related items by Trojan.Win32.Runner.amo.

Windows 8:

Open Windows Explorer from Start screen -> hit View tab to Tick ‘File name extensions’ and ‘Hidden items’ options -> Press “OK” button.

win8 hidden file  

Windows 7/XP/Vista: Access ‘Control Panel’ -> open ‘Folder Options’ -> tap View tab -> tick ‘Show hidden files and folders and non-tick Hide protected operating system files (Recommended)’-> Press “OK” button. After all the hidden files are shown, victims need to navigate to the following listed directories and remove System.exe:


3. Go to Registry Editor to remove added keys by Trojan.Win32.Runner.amo.

Windows 8:
Move mouse to borders of any direction -> enable search charm bar -> type ‘regedit’ -> hit Enter key.
Windows 7/XP/Vista:
Hold Win key and R key together -> bring up search box -> put in  ‘regedit’ -> hit Enter key.
  registry enditor2
When in,navigate to the below given registry to remove the key “System.exe” there:


Finally navigate to the below given registry to remove the keys HBmhly.dll、HBWOW.dll、HBJTLQ.dll、HBTL.dll、HBDNF.dll、HBQQXX.dll:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs

Instead of damaging target machine, Trojan.Win32.Runner.amo is mainly designed to steal victim’s account information, log-in information and the like to generate money for its writer backstage. To steal the information without too much disturbance, some configurations need to be modified. As a consequence, damages emerge. To remove Trojan.Win32.Runner.amo completely and regain a healthy computer, manual remove method is recommended given the fact that Rootkit technique is involved in the covering work. It should also come to your knowledge that failure can happen once additional vicious items are introduced in through backdoor formed by trojan.Win32.Runner.amo. If it is the case, it is wise to get tech support from online computer experts so that no delay will contribute to unexpected mechanical issues.


About Jeffrey Simon

Most Recent YooArticle from the Security Category

Most Related YooArticle from the Security Category

Most Viewed YooArticle from the Security Category