Short bio

Trojan.ModifiedMS is Malwarebytes generic detection name for Trojans that are present on affected Windows systems as altered Microsoft files.


The files detected as Trojan.ModifiedMS will be signed by the actual Microsoft Corporation, but are no longer the original files. A malicious payload will have been added to the file.


Malwarebytes protects users from Trojan.ModifiedMS by using real-time protection. At the moment there are no files detected as Trojan.ModifiedMS in the wild.

Home remediation

Malwarebytes can detect and remove Trojan.ModifiedMS without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get startedbutton.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes cannot always replace the removed file with the original, so users may want to run the Windows System File Checker after the removal has been completed.

Business remediation

How to remove Trojan.ModifiedMS with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine

Select your language