> VilmaTech Blog > Active Trojan.Powelik on the Internet, How to Remove It When Security Tools Fail?

Active Trojan.Powelik on the Internet, How to Remove It When Security Tools Fail?

Recently, a Trojan horse program named Powelik has went crazily on the Internet and has successfully affected many computers after its stealthy infiltration without raising attention. The certified security team intends to decode the Trojan.Powelik in a more professional manner herein and offer practical solution as well as future prevention tips.

How Trojan.Powelik Enters Protected Computer?

As a Trojan horse, Trojan.Powelik is capable of packaging itself as a computer/browser friendly program featuring powerful functions. It then was put onto some phishing websites or advertising platforms to trick people into downloading. Or, the Trojan horse simply piggybacks on other types of computer threats for dissemination. There are cases when Powelik Trojan attacks loosely programmed website or applications to spread itself.

But there’s one way that Powelik Trojan lands onto a machine without tricks. That is Powelik Trojan hacks the backdoor of some installed program it uses for real-time improvement or rectification or capitalizes the bug/loopholes found on a compromised machine for infection. Therefore, it is kindly suggested not to download and install loosely programmed, freeware or shareware and to check computer security regularly for timely fix.


How Trojan.Powelik Survives Anti-virus Programs?

Once you learn Powelik’s payloads, you’ll learn how it dodges detection and escape from the automatic removal by the installed security tools:

  1. Powelik Trojan attacks kernel mode device drivers that directly tell how a program works.
  2. The cunning Trojan horse covers up its traces by confusing the man-made security tools with similar or the same file names as the system ones’.
  3. In need of more backup and cover ups, Powelik Trojan access them through gateway; so it inserts its codes into Dllhost.exe.

Even the security utilities are so intelligent that they have removed and exterminated many computer threats, they are not able to differentiate the real system files from the fake ones based on names instead of content. When the fake ones are inserted into Windows Protected Folders, the background processes and drivers concerned will turn to work for Trojan.Powelik.

This is why manual removal guide is highly recommended to defeat and remove Powelik Trojan horse. Stick to the steps below during the implement. Any slight mistake or deviation could result in undesirable result or permanent damage over time. If you are not that technically sound, contact technicians certified by VilmaTech Online Support with the live chat button below.

live chat


Manual Steps to Remove Powelik Trojan

Shut down System Restore function to prevent Powelik Trojan from accessing information from the past and remove its restore files.

1. shut down System Restore function.

  • Right click on “Computer” to select “Property”.
  • Hit System Restore tab to check tick “Turn off System Restore” option.
  • Press “Apply” button followed by “OK”.

2. remove restore files.

  • Press down Win key and R key together to enable Run dialogue.
  • Enter “CMD” and hit enter key to access DOS window.
  • Type “-h -r C:\_RESTORE” and hit Enter key for the computer to work automatically.
  • When done, please continue to type “DELETE _RESTORE” and hit Enter key.

Show hidden files and folders to sort out and remove the items generated on and after the detection of Trojan.Powelik.

1. show hidden items.

Windows 7/XP/Vista

  • Click Start menu to access Control Panel.
  • Select “user accounts and family safety” to enter and open up Folder Options.
  • Please then hit View tab to tick ‘Show hidden files and folders’ and non-tick ‘Hide protected operating system files (Recommended)’.
  • Press “OK” button will work.

Windows 8

  • Open up Windows Explorer from the Start screen and navigate to View tab.
  • Tick ‘File name extensions’ and ‘Hidden items’.
  • Press “OK” button will work.

2. navigate to the following directories respectively and remove the items according to the creation date.

C:\Users\[your username]\Documents\
C:\Program Files\

End the services related to Powelik Trojan.


  • Use Win+R key combination to access Run dialogue.
  • Enter “services.msc” and hit Enter key to right click on the enabled services.
  • Check “Path to Executable” and disable any pointing to the directories where failure happens to file removal.

(Tip: head back to the directories and remove the files you failed after ending the related services.)

Windows 8

  • Access Windows Explorer and open up Administrative Tools window.
  • Access the system service window through the Services icon.
  • Check “Path to Executable” and disable any pointing to the directories where failure happens to file removal.

(Tip: head back to the directories and remove the files you failed after ending the related services.)


Trojan.Powelik is a set of malicious program that can be only removed through manual method. The above thread should lead to success unless there are more damages done as listed below. In that case, one should follow further steps for complete removal for second infiltration. This is why VilmaTech Online Support experts always lay the significance on quick removal. If you are not able to deal with the residual damages on your own, you’d better get exclusive help according to your concrete situation from VilmaTech Online Support.

live chat


Damages by Powelik Trojan

  1. DDoS attack is formed to stop victims from getting help online.
  2. Very low bandwidth to ruin surfing experience.
  3. More unknown processes are running in the background to exhaust CPU.
  4. Additional threats are detected after the infiltration by Trojan.Powelik.
  5. Malfunctions happen.


Purpose of Powelik Trojan

Though damages are what have been done to the targeted computers evidently, what Trojan.Powelik aims is money procured by reselling confidential information, empty out the financial account with password stored in the compromised computer and introducing in additional computer threats. It is advisable to change your password you ever typed on the computer upon the complete and through removal of the Powelik Trojan.

Defrag After Removing Powelik Trojan

Running scans after the manual removal of Trojan.Powelik is still necessary for a thorough clean up. Yet some date files from Powelik Trojan may not be considered as vicious and usually speaking, they are scattered around to take up the limited space. To use your computer to its potential and regain high performance, it is wise to do defrag after the Trojan horse removal. Here’s the video to show how:


Comments are closed.

Latest Posts