How to Remove TrustCop | TrustCop Removal Guide
TrustCop is another rogue antivirus application in the long line of the family that gave us SecureSoldier (SecureSoldier removal guide), SecureWarrior (SecureWarrior Removal Guide) and countless other renamings before that. They essentially all have the same look, feel and theming. The only thing that’s different is the name. They also all have fake scans of your system implying that you have dreaded viruses or other security problems and they can fix it if you pay. They are all based on falsified information. Read on for trustcop removal…
First off, you should get a copy of malwarebytes antimalware from the virus removal toolkit page. It really is one of the best free removal utilities out there. When I first ran across it I was skeptical because I had not heard of it before and I deal with a LOT of rogue software, but after a bit of due diligence it turned out to be one of the handiest removal tools in my arsenal.
Unfortunately many of todays malware (rogue antivirus included) are very clever about evading your traditional security software so, their running processes may prevent the installation or running of a tool like malwarebytes antimalware, in that case there are a couple of possibilities. 1) Rename the installer for mbam.exe to something different. myutility.exe …. whatever you like and try installing again. 2) boot into safe mode and try the installation. 3) get ready for hand to hand manual removal. One thing about it, it’s usually just enough to disable and kill off the running processes to be able to have a “beach head” on the system enough to get your security software running, but some people like proceeding with the manual method.
First off, here is the domain that is associated with TrustCop:
trust-cop.com
You should probably go ahead and block these even if you don’t have this pest. (If it’s easy to do as a network admin it may save you a lot of grief down the road and keep you from having to remove trustcop later…)
Also you should look for and kill off processes such as the following in the task manager:
ca85mxcq.exe
28a6d9wnlzader1957.exe
TrustCop.exe
uninstall.exe
Two of these have been randomized, but you can use the above information as a template to help you find the names on your system. If you are in doubt you can also do some detective work with the following information and look for patterns that can help you identify the names as they appear on your system.
The following dll names are randomized, but similar dlls on your system should be unregistered and deleted:
288995acktool3z1.dll
10134spamb9zb95.dll
1015zpyware2930.dll
The following files and folders are associated with Trustcop and should be deleted during your Trustcop Removal. (Note that there are some below that have been randomized as above, use what you find on your system to help fill in the randomized names and track them down on your system.):
%progfiles%\TrustCop Software
%progfiles%\TrustCop Software\TrustCop
%progfiles%\TrustCop Software\TrustCop\TrustCop.exe
%progfiles%\TrustCop Software\TrustCop\uninstall.exe
%win%\10134spamb9zb95.dll
%win%\1015zpyware2930.dll
%win%\10753tzo5931.bin
%win%\system32\288995acktool3z1.dll
%win%\system32\28935virus54z.ocx
%win%\system32\28a6d9wnlzader1957.exe
%docs%\All Users\Desktop\TrustCop.lnk
%docs%\All Users\Start Menu\Programs\TrustCop
%docs%\All Users\Start Menu\Programs\TrustCop\1 TrustCop.lnk
%docs%\All Users\Start Menu\Programs\TrustCop\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\TrustCop\3 Uninstall.lnk
%tmp%\ca85mxcq.exe
After a manual removal of trustcop, I would go back and run an update with malwarebytes antimalware and a full scan as well as an update and scan with a reputable antivirus product to make sure that your system really is free of this malware and any other that may have helped it gain a foothold on your system.