The Dridex Virus/Malware Trojan suddenly made a splash on the malware scene recently. This article helps with the removal of Dridex Virus/Malware Trojan from your PC in the most efficient manner.
In case you missed the big news, more than £20m were stolen from British bank accounts, leading many to question PC security measures against malware. Further reports state that over $10 million in the US were also lost to the Dridex Virus/Malware Trojan since it first appeared on the scene. A later man-hunt conducted jointly by USA (FBI) and UK authorities managed to apprehend some of the culprits, but not all of them. Much of this damage could have been avoided if the people whose computers were infected by this Trojan had managed to remove it in time.
| Name | Dridex Virus/Malware Trojan |
| --- | --- |
| Danger Level | High (capable of mass theft from bank accounts) |
| Symptoms | Invisible macros created after opening an infected email attachment. |
| Distribution Method | Mainly through emails; sporadic reports of other methods. |
In an age where the world economy is almost completely reliant on computers, it is evident that loopholes are far too many for any normal system to be flaw-free. You might have noticed me saying “any normal system.” What comprises a super high-level security system is a very vague subject, which is the entire reason for the emerging PC security sector. There are as many opinions as there are firms providing such services, but one thing is for certain – every security system is cracked at some point. Most often, however, it is not the security that falters; it is some action performed by the human user that invalidates the security protocols set up to protect him.
In this particular case the Dridex Virus/Malware Trojan used an especially elaborate scheme involving spam email attachments. These are fake emails that imitate legitimate companies, which send you invoices and attachment files supposedly by mistake. The basic scheme is to engage your curiosity by making you believe it’s the real deal. Once you open the invoice attachment to the email, however, you are infected with the Dridex Virus/Malware Trojan. Note that whatever tricks the hackers use to make you believe the email is legitimate, the file inside will always end in .exe so that the virus can execute. Office files and other documents are never .exe files; only programs are. Trojans, unlike normal programs, cannot be easily uninstalled.
These “techniques” for infecting users are called “macros” and they prove a very valuable point. Most of this malware cannot latch on to you unless you interact with it in some way. How, what and when is always different, but at the most basic level these things need YOU to get in. There have been numerous attempts to embrace a philosophy of prevention – when anti-virus programs annoyingly block your access to certain websites with a message that these websites are unsafe. Browsers like Chrome, Firefox or IE have some built-in protection against such sites – the most dangerous ones are “blacklisted” and you’ll get a warning if you are redirected to such a site.
Most users never fully realize what is really at stake at this point. Once inside, the macro created by the Dridex Virus/Malware Trojan starts to simply record. Unlike typical adware it will not create any pop-ups, ads or give any other indication of its presence – it will simply lurk hidden. It records your browsing habits and activities, and eventually, when the time is right, it sends the information to whoever created it. The issue is that the information it provides is not limited to web browsing, but extends to any passwords and personal credentials you input after the infection spreads. This means that prolonged exposure to the Trojan also maximizes the damage it inflicts. Removing Trojans should be the top priority of any user.
1: Enter Safe Mode.
2: Uninstall the virus from your Add/Remove Programs.
3: Permanently delete Dridex Virus/Malware Trojan from Task Manager’s processes.
4: Uninstall the virus from Regedit and Msconfig.
Remove Dridex Virus/Malware Trojan
The first thing to do is a reboot in Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:
For Windows 98, XP, Millennium and 7:
Restart your computer. To be sure you don’t miss the moment when you need to press it, just spam F8 as soon as the PC starts booting. Then choose Safe Mode With Networking.
For W8 and 8.1:
Click the Start button, then Control Panel —> System and Security —> Administrative Tools —> System Configuration.
Then check the Safe Boot option and click OK. Click Restart in the pop-up.
For W10:
- Open the Start menu.
- Click the power button icon in the right corner of the Start menu to show the power options menu.
- Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.
W10 will perform the reboot. Next do the following:
Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).
Hold the Start Key and R together. Write appwiz.cpl in the field, then click OK.
You are now in the Control Panel. Search around for Dridex Virus/Malware Trojan and suspicious-looking programs. Uninstall it/them. Also, be extremely careful. Viruses often make one last-ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstall, choose NO:
Hold the Start Key and R again – but this time copy + paste the following and click OK:
A .txt file will open – don’t type or change it. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:
If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.
Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.
Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can.
A BIG WARNING HERE! READ THIS BEFORE PROCEEDING!
This is perhaps the most important and difficult step, so be extremely careful. Doing this can damage your PC significantly if you make a big mistake. If you are not feeling comfortable, we advise you to download a professional Dridex Virus/Malware Trojan remover. Additionally, accounts connected to your credit cards, or important information, may be exposed to the virus.
If you do not remove the virus completely it could leak the information to its creator, so be careful!
Right click on each of the virus processes separately and select Open File Location. Also end the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.
Take a look at the following things:
Type msconfig in the search field and hit Enter: a pop-up window will open.
Go to the Startup tab and uncheck entries that have “Unknown” as Manufacturer.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these locations and delete the registry entries manually:
- HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious, but bear in mind they are always different.
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
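The hosts-file check in Step 2 and the startup/registry review in Step 4 can be gathered in one read-only pass. The following PowerShell script is an added example, not part of the original guide; it assumes the standard hosts path under %windir% and the standard Run/RunOnce autostart keys, and it checks the Authenticode signature of each autostart executable as a way of spotting entries an "Unknown" manufacturer would correspond to.

```powershell
# Read-only triage helper (added example, not from the original guide).
# Collects what Steps 2 and 4 inspect by hand: hosts entries other than
# loopback, and Run/RunOnce autostart values with the signature status of
# the executable each one launches. Run from an elevated prompt.

function Get-CommandExe([string]$cmd) {
    # Pull the executable path out of a command line, quoted or bare.
    if ($cmd -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($cmd -match '^\s*(\S+)')     { return $matches[1] }
    return $cmd
}

function Get-NonLoopbackHosts {
    $hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
    Get-Content $hostsPath |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |   # address + name lines only
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s' } # drop loopback entries
}

function Get-AutostartEntries {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath etc.
            $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandExe $p.Value))
            $status = if (Test-Path -LiteralPath $exe) {
                (Get-AuthenticodeSignature -FilePath $exe).Status
            } else { 'FileMissing' }
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Signature = $status }
        }
    }
}

Write-Host '== hosts entries other than loopback =='
Get-NonLoopbackHosts
Write-Host '== autostart entries =='
Get-AutostartEntries | Format-Table -AutoSize
```

A Signature of NotSigned or FileMissing is a lead to investigate with the manual steps above, not a verdict; plenty of legitimate software is unsigned, and nothing here is deleted.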
If these things fail to help you find Dridex Virus/Malware Trojan you need to resort to a professional scanner – this is malware that was created to steal your credentials and credit cards, meaning the people who created it spent a lot of resources to make it as dangerous as possible.
Remember to leave us a comment if you run into any trouble!
Did we help you? Please, consider helping us by spreading the word!