Loyphish – Malicious Software

PWS:HTML/Loyphish.G, more commonly referred to as Loyphish, is a type of attack that involves visiting a phishing page, which is a malicious webpage used to steal your login credentials. It belongs to be a member of the PWS:HTML/Phish family. In most cases it disguises itself as a legitimate banking webpage and attempts to trick you into completing a login attempt. While you may think you are submitting your sensitive data to your respective bank, you have actually submitted your information to a remote attacker. Attackers use images, logos, and verbiage to persuade you into thinking you are visiting the bank’s authorized website. The webpage itself can be really annoying. It pops up often when you browse or use a search engine to find information. In short, you cannot use the Internet normally. In addition, there are a lot of threats in its webpage;  threats that will be installed onto your computer when you visit the webpage. So please keep in mind, PWS:HTML/Loyphish.G is definitely a virus with a high level of risk. It needs to be removed immediately before it installs more and more threats onto your computer.

Having an understanding the major types of malware in use can help you make informed decisions about acquiring tools to protect your computer. To prevent infection from any of these threats, be sure to use up-to-date antivirus software and ensure your firewall is enabled on your computer. Be sure to install the latest updates for all of your installed software and always keep your operating system current. Finally, be cautious when visiting unknown websites and opening email attachments.

Solution

Details for a Solution – Remove PWS:HTML/Loyphish.G Manually by Yourself

Step one– Boot your computer into Safe Mode With Networking.

To perform this procedure, please restart your computer. -> As your computer restarts but before Windows launches, tap “F8″ key constantly. -> Use the arrow keys to highlight the “Safe Mode with Networking” option and then press ENTER. -> If you don’t get the Safe Mode with Networking option, please restart the computer again and keep tapping “F8″ key immediately.

Step two – open your Task Manager by pressing Ctrl+Alt+Delete keys and then stop the PWS:HTML/Loyphish.G process:

[random name].exe of PWS:HTML/Loyphish.G

Step three– delete the following files created by PWS:HTML/Loyphish.G in Local disk C hard drive:

%UserProfile%\[random].exe
%ProgramFiles%\Internet Explorer\Connection Wizard\[random]
%Windir%\Microsoft.NET\Framework\[random].exe
%System%\[random].exe
%Temp%\[random].bat

Step four – open your Registry Editor program by navigating to Start Menu, type in Regedit, and then click OK. When you have been in Registry Editor, please delete the following registry entries associated with PWS:HTML/Loyphish.G:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\[random]
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\[random]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svflooje\Enum\[random]

Name*

Email*

;

References:

Armendariz, T. (Aug. 25, 2017).  Top Malware Threats and How to Protect Yourself. Retrieved from https://www.lifewire.com/top-malware-threats-153641

Facinelli, M. (Oct. 14, 2012). Manually Remove PWS:HTML/Loyphish.G – to Get Rid of PWS:HTML/Loyphish.G Infection Completely. Retrieved from https://blog.teesupport.com/manually-remove-pwshtmlloyphish-g-to-get-rid-of-pwshtmlloyphish-g-infection-completely/