Remove Trojan.ModifiedUPX virus (Removal Guide)

Photo of author

Written by: Stelian

Published on:

Trojan.Modified is a generic detection used by Malwarebytes Anti-Malware, Microsoft Security Essentials, Norton Antivirus and other antivirus products for a file that appears to have trojan-like features or behavior.

What is the Trojan.ModifiedUPX infection?

Trojan.ModifiedUPX is a is a broad classification used by Avast Antivirus, Microsoft Secuirty Essentials, Malwarebytes Anti-Malware and other antivirus engines a file that appears to have trojan-like features or behavior for software that exhibits suspicious behavior categorized as potentially malicious.
The Behavior Monitoring feature observes the behavior of processes as they run programs. If it observes a process behaving in a potentially malicious way, it reports the program the process is running as potentially malicious.

Due to the generic nature of this detection, methods of installation may vary. The Trojan.ModifiedUPX infections may often install themselves by copying their executable to the Windows or Windows system folders, and then modifying the registry to run this file at each system start. Trojan.ModifiedUPXwill often modify the following subkey in order to accomplish this:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Again, the generic nature of this detection means that the Payloads performed by Trojan.ModifiedUPX may be highly variable, and therefore difficult to describe specifically. Trojan.ModifiedUPX has been observed to perform any, or all, of the following actions:

  • redirect Web traffic
  • manipulate certain Windows or third-party applications including settings or configurations
  • drop or install additional malicious programs
  • download and run additional malicious programs

Please note that this list is not exhaustive.

Is Trojan.ModifiedUPX a False Positive ?

Files reported as Trojan.ModifiedUPX are not necessarily malicious. For example, users can be tricked into using non-malicious programs, such as Web browsers, to unknowingly perform malicious actions, such as downloading malware. Some otherwise harmless programs may have flaws that malware or attackers can exploit to perform malicious actions. Should you be uncertain as to whether a file has been reported correctly, we encourage you to submit the affected file to https://www.virustotal.com/en/ to be scanned with multiple antivirus engines.

How did Trojan.ModifiedUPX infection got on my computer?

The Trojan.ModifiedUPX virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission of knowledge.

Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Trojan.ModifiedUPX virus.

The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

How to remove Trojan.ModifiedUPX virus (Removal Guide)

This page is a comprehensive guide, which will remove the Trojan.ModifiedUPX infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
STEP 1: Remove Trojan.ModifiedUPX Master Boot Record infection with Kaspersky TDSSKiller
STEP 2: Remove Trojan.ModifiedUPX virus with Malwarebytes Anti-Malware Free
STEP 3: Remove Trojan.ModifiedUPX trojan with RogueKiller
STEP 4:  Remove Trojan.ModifiedUPX infection with HitmanPro
STEP 5: Double check for any left over infections with Emsisoft Emergency Kit
STEP 6: Remove Trojan.ModifiedUPX adware with AdwCleaner

STEP 1:  Remove Trojan.ModifiedUPX trojan with Kaspersky TDSSKiller

As part of its self defense mechanism, Trojan.ModifiedUPX virus will install a ZeroAccess rootkit on the infected computer.In this first step, we will run a system scan with Kaspersky TDSSKiller to remove this rookit.

  1. Please download the latest official version of Kaspersky TDSSKiller.
    KASPERSKY TDSSKILLER DOWNLOAD LINK(This link will automatically download Kaspersky TDSSKiller on your computer.)
  2. Double-click on tdsskiller.exe to open this utility, then click on Change Parameters.
    Kaspersky TDSSKiller change settings
  3. In the new open window,we will need to enable Detect TDLFS file system, then click on OK.
    Kaspersky TDSSKiller Detect TDLFS file system
  4. Next,we will need to start a scan with Kaspersky, so you’ll need to press the Start Scan button.
    Kaspersky TDSSKiller start scan
  5. Kaspersky TDSSKiller will now scan your computer for Trojan Trojan.ModifiedUPX infection.
    Kaspersky TDSSKiller scan
  6. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
    Kaspersky TDSSKiller results
  7. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.A reboot will be require to completely remove any infection from your system.

STEP 2: Remove Trojan.ModifiedUPX virus with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove Trojan.ModifiedUPX malicious files from your computer.

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the Trojan.ModifiedUPX malicious files.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Trojan.ModifiedUPX virus as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Luhe.Sirefef.A
  5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes Anti-Malwar removing Trojan.ModifiedUPX virus]
  7. Once your computer will restart in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 3: Remove Trojan.ModifiedUPX rootkit with RogueKiller

RogueKiller is a utility that will scan for the Trojan.ModifiedUPX rootkit, registry keys and any other malicious files on your computer.

  1. You can download the latest official version of RogueKiller from the below link.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds,  then click on the Scan button to perform a system scan.
    [Image: RogueKiller scaning for Trojan.ModifiedUPX virus]
  3. After the scan has completed, press the Delete button to remove Trojan.ModifiedUPX malicious registry keys or files.
    [Image: RogueKiller Detele button]

STEP 4: Remove Trojan.ModifiedUPX infection with HitmanPro

HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the Trojan.ModifiedUPX infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    HitmanPro scanner
    Click on the Next button, to install HitmanPro on your computer.
    HitmanPro installation
  3. HitmanPro will now begin to scan your computer for Trojan.ModifiedUPX trojan.
    HitmanPro detecting for Trojan.ModifiedUPX virus
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Trojan.ModifiedUPX virus.
    HitmanPro scan results
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

STEP 5: Double check for any left over infections with Emsisoft Emergency Kit

  1. You can download Emsisoft Emergency Kit from the below link,then extract it to a folder in a convenient location.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK ((This link will open a new web page from where you can download Emsisoft Emergency Kit)
  2. Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat, then allow this program to update itself.
    EmergencyKitScanner.bat file
  3. After the Emsisoft Emergency Kit has update has completed,click on the Menu tab,then select Scan PC.
    Emsisoft Emergency Kit scan tab
  4. Select Smart scan and click on the SCAN button to search for “Antivirus Security 2013” malicious files.
    Emsisoft Emergency Kit smart scan
  5. When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.
    Emsisoft Emergency Kit removing malware

STEP 6: Remove Trojan.ModifiedUPX adware with AdwCleaner

The AdwCleaner utility will scan your computer for Trojan.ModifiedUPX malicious files that may have been installed on your computer without your knowledge.

  1. You can download AdwCleaner utility from the below link.
    ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)
  2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    [Image: AdwCleaner Icon]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
  3. When the AdwCleaner program will open, click on the Scan button as shown below.
    [Image: Adwcleaner Scan]
    AdwCleaner will now start to search for Trojan.ModifiedUPX malicious files that may be installed on your computer.
  4. To remove the Trojan.ModifiedUPX malicious files that were detected in the previous step, please click on the Clean button.
    [Image: AdwCleaner removing infections]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button.

Your computer should now be free of the Trojan.ModifiedUPX infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove Trojan.ModifiedUPX from your machine, please start a new thread in our Malware Removal Assistance forum.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.