Trojan: Win32 / Tnega

Trojan: Win32 / Tnega is a Windows Defender detection that targets the Tnega family malware.

How to remove Trojan: Win32 / Tnega from your PC

What is Trojan: Win32 / Tnega?

Trojan: Win32 / Tnega has been a very active trojan family for the past few months.
It can cause the following symptoms:

  • The trojan horse can corrupt or delete all your important hard drive files
  • The Trojan can download other computer threats to your PC
  • The malware monitors the activities of victims online and can steal your sensitive information.
  • It disables system security measures like task manager or your antivirus
  • It performs various malicious activities in your system context
  • Some of these malicious software have the ability to spy on and steal data (files, passwords, etc.). These are the Trojan.PWS et TrojanSpy: Win32 / Stealer
  • A trojan horse may allow remote control of the infected device, sometimes including:
    • Control the mouse remotely
    • Activating the webcam and viewing
    • Take screenshots
    • Access files on the disc
    • Access the Windows registry

To monetize, the cybercriminal can install:

  • Installer adware (adware). Pop-up ads continuously open on the PC
  • Run a Bitcoin Trojan in order to mine cryptocurrency. Mining tools use system resources to perform calculations which can slow down the PC
  • Execute ransomware in order to encrypt documents and ask to pay a sum of money to recover access to your data

Symptoms may be:

  • It will make your system very slow and unstable
  • It will lead to severe corruption of your important applications including anti virus program

The malware joins the infected PC in a botnet.
This is a network of infected device controlled by a botmaster.
The latter can hire infected PCs to perform all kinds of malicious operations.

Threat typeTrojan / Trojan horse
Threat familyTnega
Threat detectionsTrojan: MSIL / Tnega
Trojan: Win64 / Tnega
TrojanDropper: Win64 / Tnega (Malware that installs it in the system)
Assumed functionalitySteal bank details / bank website credentials
Download and install other malware
Join the infected device in a botnet
Symptoms of the diseaseNo specific symptoms, the malware tries to be discreet
But it will steal data, identifiers including passwords
Damage to the systemNone in particular
Trojan Tnega sheet
How to remove Trojan: Win32 / Tnega from your PC

How Trojan: Win32 / Tnega got installed on your PC?

In general, this trojan is diffused by cracks or keygen.

It has been observed that Tnega can be downloaded and run on your computer by the Wacatac trojan horse.
However, we find a TrojanDropper specific which diffuses the latter, its name is Trojandropper: Win64 / Tnega.
The latter can also be detected by Trojan.MSIL.Agent ou Trojan.Bingoml.
It contains in its code the Tnega trojan horse that it will install in the system.

Typically, we find the following diagram:

  • The user receives the TrojanDropper for example by email or downloads it from an unsafe site
  • It runs the Trojan Dropper on the system
  • The latter copies the Trojan file to a specific location on the system, for example the Windows folder, AppData, ProgramData or the Startup folder.
  • Then it creates a key in the registry to run when Windows starts up in order to make it active each time the OS is launched. For example, it creates a Run key or a Windows service
  • Then the Trojan performs the operations for which it was designed

How to remove Trojan: Win32 / Tnega from your PC

Remove Trojan: Win32 / Tnega with MBAM

  • Download then install Malwarebytes Anti-Malware
  • Let yourself be guided to carry out the first configurations
  • Then Launch a quick scan by clicking on the button Analyze
  • At the end of the scan, delete all the threats detected
  • Finally restart your PC if MBAM asks for it
Remove viruses with Malwarebytes Anti-Malware

Malwarebytes Anti-Malware in video:

Remove Trojan: Win32 / Tnega with RogueKiller

  • Download then install RogueKiller
  • Start a PC virus scan by clicking on the button Analyze
Remove viruses with RogueKiller / Remove malware with RogueKiller
  • Let the scan run, it will take some time
  • Finally remove all detected threats
Remove viruses with RogueKiller / Remove malware with RogueKiller

Remove Trojan: Win32 / Tnega with NOD32

  • Download then run esetonelinescanner.exe
  • Then let yourself be guided to perform the analysis online then enable PUA detection (Potentially unwanted application)
Perform a NOD32 online scan to remove viruses
  • Then the analysis of NOD32 is carried out, again, it will take a long time, be patient
  • Finally place all the detected elements in quarantine

NOD32 scan in video:

Need personalized help?

Nothing works ?
Need personalized help?
Go to the forum by creating your own topic, we will help you!
=> Malekal Forum - Virus Removal Help


How to protect your PC from viruses

You can delete the programs used, if you wish you can keep Malwarebytes Anti-Malware to perform regular scans.
Remove AdwCleaner and ZHPCleaner, there is no point in keeping them for regular analyzes.

It is strongly advised to change all your passwords (Facebook, online games, emails etc).

Here are some tips to keep your computer safe and prevent malware.
To secure your computer, especially update all your software (Adobe Flash, Java etc): Secure your computer and protect your PC from viruses.