Msfeedssync.exe Virus Removal Guide (Is It a Legit File?)
My PC is infected with suspicious "msfeedssync.exe" file
Recently, after getting one software downloader, my PC started running slowly and CPU usage skyrocketed.
The file "msfeedssync.exe" is using all the resources.
Could it be a virus? And how can I remove it?
What is msfeedssync.exe?
The executable msfeedssync.exe (Microsoft Feeds Synchronization) is a legitimate process/file that is part of Windows Internet Explorer. The process runs, and shows up in Task Manager, when it updates RSS feeds for the Internet Explorer 7 and 8 browsers; it provides the automatic feed synchronization feature. The msfeedssync.exe file can be found in the “C:\Windows\System32” folder.
The msfeedssync.exe file is necessary for Internet Explorer browsers to run properly and should not be removed. If you do not want the process, you can disable automatic feed synchronization without deleting the msfeedssync.exe file. A malicious copy could be called “msfeedsync.exe”. Moreover, malicious files disguised as legitimate ones are usually placed in incorrect folders; the true msfeedssync.exe file is found in the “C:\Windows\System32” folder only. Legitimate processes also show system icons, while illegitimate, malicious processes use other graphical icons.
If a legitimate process shows the symptoms of a malicious process, it will be classified as a threat. Trojans can result in serious computer infections, data loss, and other issues, so it is recommended to perform a complete virus scan with the installed antivirus or anti-spyware software and check whether it detects any possible threats. Unfortunately, antivirus software sometimes detects legitimate processes as threats.
These detections are known as false positives, and they can lead antivirus or antispyware programs to remove the legitimate process along with important system files. They happen due to mistakes in detection databases. However, the msfeedssync.exe name is often used by cyber criminals who attempt to disguise malicious processes and files as harmless.
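The two checks described above (exact file name and the System32 folder), as an added example that is not part of the original guide. It generalises the single “msfeedsync.exe” typo to any name within two character edits of the real one; the function names and the sample paths are constructed for illustration.

```python
import ntpath  # parses Windows-style paths on any operating system

EXPECTED_NAME = "msfeedssync.exe"      # genuine file name, from the article
EXPECTED_DIR = r"c:\windows\system32"  # only valid folder, per the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(image_path: str) -> str:
    """Classify one executable path against the name and folder checks."""
    # Windows paths are case-insensitive; also resolve ".." tricks and quotes.
    norm = ntpath.normpath(image_path.strip().strip('"')).lower()
    folder, name = ntpath.split(norm)
    if name == EXPECTED_NAME:
        return "expected" if folder == EXPECTED_DIR else "wrong-folder"
    if 0 < edit_distance(name, EXPECTED_NAME) <= 2:
        return "lookalike-name"
    return "unrelated"


# Constructed sample inventory (not real telemetry): image paths as they might
# be copied from a process listing.
SAMPLE_PATHS = [
    r"C:\Windows\System32\msfeedssync.exe",
    r"C:\Windows\System32\msfeedsync.exe",
    r"C:\Users\Public\AppData\msfeedssync.exe",
    r"C:\WINDOWS\system32\..\System32\MSFEEDSSYNC.EXE",
    r"C:\Windows\System32\svchost.exe",
]


def triage(paths):
    """Return only the entries that need a closer look, with their verdict."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v not in ("expected", "unrelated")}


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS).items():
        print(f"{verdict:15} {path}")
```

A verdict of "expected" only means the name and folder match; the file should still be scanned as the guide recommends.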
| Threat Type | Trojan, Password stealing virus, Banking malware, Spyware. |
| Detection Names (msfeedssync.exe) | Avast (Win32:Vitro), BitDefender (Win32.Virtob.Gen.12), ESET-NOD32 (Win32/Virut.NBP), Kaspersky (Virus.Win32.Virut.ce), Full List (VirusTotal) |
| Malicious Process Name(s) | Microsoft Feed Synchronization, msfeedssync.exe (the process name depends on malware). |
| Additional Information | Presence of such process names in Windows Task Manager indicates malware infection only if the executable is not in the C:\Windows\System32 folder and/or the filename is different (e.g., msfeedsync.exe rather than msfeedssync.exe). |
| Symptoms | Trojans are designed to stealthily infiltrate the victim’s computer and remain silent and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution methods | Infected email attachments, malicious online advertisements, social engineering, software cracks. |
| Damage | Stolen banking information, passwords, identity theft, victim’s computer added to a botnet. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Restoro. |
False positive detections are a common issue, and criminals disguise malicious files as legitimate ones and make them as inconspicuous as possible. However, if there is a good reason to believe that a file or process is malicious, it should be removed immediately. Other examples of files and detections that might be identified as threats include gwx.exe, csrss.exe, and Trojan.gen.npe.2.
How Did the msfeedssync.exe Get Inside Your Computer?
The most common way it infiltrates your computer is through spam campaigns. Other routes are Trojans, untrustworthy software download sources, cracking tools, and fake software updaters. Spam campaigns cause computer infections when cybercriminals send malicious attachments (or web links) through emails. If recipients open these files, they allow them to download and install malicious programs.
Remove Msfeedssync & Other Malware Automatically
Emails that include attachments and are sent from unknown contacts or suspicious addresses should not be trusted, and their attached files or links should not be opened. Refrain from downloading software through third-party downloaders, untrustworthy websites, or other similar channels. Use only official pages and direct links, and keep installed software updated at all times. Remember to use only tools and functions that are provided by official software developers. Do not use tools that supposedly activate software free of charge. They just cause malware installation. Lastly, make use of reputable antivirus or antispyware software and keep it enabled at all times. If you want to check whether your computer is already infected, it is best to run a scan with Restoro to automatically eliminate infiltrated malware.
If, however, you feel tech-savvy enough, you can try removing the virus manually.
Manual Removal of Msfeedssync.exe
Even though there is an easy way, you can still perform the manual removal by following the steps that we will provide in this tutorial.
Step 1. The first thing to do is to determine the name of the malware that you are trying to remove.
Here is an example of a suspicious program running on a user’s computer:
Once you have checked the running programs and spotted one like this, continue with the steps below:
Step 2. Download Autoruns
This program shows auto-start applications, Registry, and file system locations:
Then — Reboot your computer to Safe Mode with Networking
For Windows 7 /Vista /XP:
- Click Start>Shutdown>Restart>Ok
- Press F8 multiple times upon restarting
- A window will open, select Safe Mode with Networking
For Windows 10:
- Restart your computer and open the Boot Options menu
- Select Troubleshoot
- Go to Advanced Options
- If a new page appears, choose Startup Settings
- Select Enable Safe Mode with Networking
Also, you can press the F4 key to boot into Safe Mode. For the other 2 options of Safe Mode.
Step 3. Extract the downloaded archive and run the Autoruns.exe file.
Step 4. Click Options at the top of the Autoruns window
- Uncheck Hide Empty Locations and Hide Windows Entries options
- Click the Refresh icon.
Step 5. Check the list provided by the Autoruns application and locate the malware filename that you want to eliminate.
Write down its full path and name.
Check everything carefully so that you do not remove system files. After locating the suspicious program, right-click the entry and select Delete.
After removing the malware entry, search for the malware name on your computer to confirm that it is gone. Enable the display of hidden files and folders before you search, and if you find a file with the malware's name, remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer.
Verdict — Protect Your Device From Data Loss
Once you recover the files on the infected machine, there is a risk of getting them permanently damaged. Remember to be extra careful when opening sites, especially when downloading files. Ransomware is a form of malicious software meant to lock and encrypt the victim’s computer and data, then demand a ransom to restore access. Make sure to install your operating system updates, and back up your data to an external hard drive to protect your system.