Severity scale:  

Floxif virus. How to remove? (Uninstall guide)

removal by Linas Kiguolis - - | Type: Malware

Floxif malware was hiding in CCleaner

The illustration of Floxif trojan

Floxif is the name of a dangerous Trojan that has been noticed spreading with a corrupted version of a popular PC optimization program CCleaner.[1] T The malware was spreading between August 15 and September 12, 2017, and infected more than 2 million users. After the attack, the virus tracked various information about user’s device and sent it to the remote server.

Floxif Trojan was installed in the main program’s executable – CCleaner.exe. Therefore, the virus entered the system if a user downloaded CCleaner (5.33.6162) or CCleaner Cloud (1.07.3191) programs. However, the virus was executed only on a 32-bit Windows OS.

Researchers detected several versions of the Floxif virus. However, most of them act similarly. They might steal a bunch of information about a victim, including technical details about a targeted computer, such as:

  • the name of the targeted computer,
  • the list of installed programs,
  • the list of active processes,
  • MAC addresses of the first 3 network adapters,
  • unique computer’s ID.

Besides, so-called CCCleaner virus might also track personal victim’s information, such as login credentials or credit card data. Nevertheless, it operates as a keylogger; it might also install other malicious programs, such as ransomware, soon after connecting to its remote server.

Thus, it goes without saying that Floxif removal is crucial to protect your computer, data and sensitive information. Users, who installed CCleaner between August 15 and September 12, are advised to update the program and scan the device with reputable malware removal tool, such as Reimage. These steps will help to terminate the Trojan.

The activity of the Trojan.PRForm.A

As mentioned before, the trojan injected malicious code to the original CCleaner’s executable. Thus, when users downloaded this program, they installed malware as well. When Floxif CCleaner Trojan is installed, it immediately downloads a symsrv.dll file to this directory:

C:\Program Files\Common Files\System\symsrv.dll

Furthermore, it creates a specific Windows Registry sub-key:


Besides, it might also make other modifications in the registry in order to execute malicious tasks and hide in the system. Furthermore, Floxif connects to several Windows APIs and tries to delete important system files:

%Program Files%\Common Files\System\symsrv.dll.dat

As you can see, this dangerous Trojan horse cause numerous system changes and pose a danger to user’s privacy. Therefore, CCleaner users are urged to remove Floxif from the device immediately.

Distribution of the malicious programs went to the next level

Authors of the CCleaner 5.33 virus managed to hack the original program’s executable. Therefore, they injected malicious code to a legitimate program and managed to infected around 2.27 million people who installed a compromised version of the CCleaner which was available on the developers (Piriform) website since August 15th, 2017.

Besides, the latest research data reports that Floxif launched targeted attacks towards technology giants, such as Microsoft, Samsung, Sony, etc. It is reported that trojan affected about 20 computers[2] owned by these companies.

Security experts from Sweden[3] report that everyone who downloaded this program might have been infected with Floxif virus. Thus, users should update it to the latest version immediately. Scanning the system with professional antivirus is also recommended to make sure that any malicious components were not left on the system.

Crucial steps to take after Floxif Trojan attack

To remove Floxif from the device and protect your personal information from cyber criminals, you should complete these three important tasks:

  1. Update CCleaner to 5.34 version (or higher).
  2. Run a full system scan with reputable malware removal software.
  3. Change passwords.

Updating CCleaner to the latest version may not be enough. To perform proper Floxif removal, you should also check the device with professional security software, such as Reimage. This step is necessary because hackers might still have access to your computer or install malware. Once you run antivirus or malware removal tool, all dangerous components will be eliminated.

When the Floxif is removed entirely, you should also change social network, email, banking, and other accounts’ passwords. It’s unknown what sensitive data hackers managed to steal. Thus, you have to make sure that criminals do not have access to your accounts.


We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions


Removal guides in other languages