detection icon

Short bio

Trojan.ModifiedMS is Malwarebytes generic detection name for Trojansthat are present on affected Windows systems as altered Microsoft files.


The files detected as Trojan.ModifiedMS will be signed by the actual Microsoft Corporation, but are no longer the original files. A malicious payload will have been added to the file.


Malwarebytes protects users from Trojan.ModifiedMS by using real-time protection. At the moment there are no files detected as Trojan.ModifiedMS in the wild.

Home remediation

Malwarebytes can detect and remove Trojan.ModifiedMS without further user interaction.

  1. Please download Malwarebytesto your desktop.
  2. Double-click MBSetup.exeand follow the prompts to install the program.
  3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get startedbutton.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantineto remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes cannot always replace the removed file with the original, so users may want to run the Windows System File Checker after the removal has been completed.

Business remediation

How to remove Trojan.ModifiedMS with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections pageto see which threats were found.

Nebula detections

On the Quarantine pageyou can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine