IcedID Trojan


IcedID is a malicious piece of code that seeks to sneak inside the system without being detected. IcedID is known as a Trojan horse and is kept accountable for online crimes such as data theft, money fraud and extortion, personal abuse, and more.

IcedID Trojan

Multiple antivirus programs detect the IcedID Malware

IcedID has been recently added to the well-known Trojan horse malware category. Therefore, since this is a very new threat, there is a high chance that even advanced and trusted antivirus programs may not detect it when the computer is attacked. The main explanation why some protection programs may let such new threats to sneak through lies in the way malware is generally identified.

The IcedID Trojan

The IcedID trojan is mostly distributed with another trojan called Emotet. Criminals send thousands of email messages that encourage users to open attached files (usually Microsoft Office documents) that are infected with the IcedID trojan.

A typical antivirus software will utilize the virus definitions of its database to detect new security risks, such as Trojans, Spyware, Ransomware, etc. Normally the antivirus developers update the database every time a new virus type is developed. Such updates, however, don’t happen immediately, as it takes some time for the security researchers to thoroughly study a new virus and include it in the virus databases. Until then, the security software would probably not stop the newly published threat. In other words, the attacks of recent Trojans such as IcedID may remain invisible until the antivirus gets its updates. Many people may not even know that they have been compromised. Besides, some Trojans may have the ability to deliberately block the antivirus on the computer to prevent their detection and stop the victim from using new or updated security software that can remove it.

One possible way to detect a threat like IcedID is to closely pay attention to every unusual system activity, error or problem that occurs because, sometimes, these things may serve as red flags to a hidden malicious activity in the background of the OS. In some situations, a virus like IcedID may cause very severe disruptions which cannot be easily overlooked. Such are the infamous Blue Death Screen crashes and common system problems of no specific reason such as unusual errors, sudden shut downs of programs and processes, higher than normal CPU or RAM usage, unknown tasks in the Task Manager, etc. All these could potentially be linked to the presence of a Trojan virus. That is why, if we can give you one general piece of advice it would be to carefully investigate and remove all malfunctions of the Operating System with the help of reliable optimization and malware-removal tools.

In most cases, however, the Trojan will be almost invisible and its victims may not have a clue about the danger that is lurking on their device until they face a major system disruption or become a victim of a cybercrime. Ideally, a full computer scan with trusted security software should be performed, because, more frequently than not, Trojans may invite other malware such as Spyware, Ransomware and other viruses inside the infected computer without your knowledge. As far as the removal of IcedID is concerned, below you can select between the manual removal guide or a tested tool for professional Trojan horse removal.


Name IcedID
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms Generally, Trojans can’t be detected due to symptoms but sometimes, they may trigger system issues that may indicate their presence.
Distribution Method Trojans may be distributed in spam messages, different legitimate-looking emails and attachments, pirated content, torrents and more.
Detection Tool

Remove IcedID Trojan

If you are looking for a way to remove IcedID you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for IcedID and any other unfamiliar programs.
  4. Uninstall IcedID as well as other suspicious programs.

Note that this might not get rid of IcedID completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

IcedID Trojan

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

IcedID Trojan


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.

IcedID Trojan

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

IcedID Trojan
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
IcedID TrojanClamAV
IcedID TrojanAVG AV
IcedID TrojanMaldet

After you open their folder, end the processes that are infected, then delete their folders.

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

IcedID Trojan

Hold together the Start Key and R. Type appwiz.cpl –> OK.

IcedID Trojan

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

IcedID Trojan

IcedID Trojan

Type msconfig in the search field and hit enter. A window will pop-up:

IcedID Trojan

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

IcedID Trojan

If there are suspicious IPs below “Localhost” – write to us in the comments.

IcedID Trojan

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment