IcedID Banking Trojan Malware Removal

This page aims to help you remove the IcedID Banking Trojan Horse Malware. Our removal instructions work for every version of Windows.

If your computer has been infected by a Trojan horse virus known as IcedID, then this article is just for you. Here we will aim to explain all the possible consequences of an infection like this and what you can do to stop it. In addition, we think it very necessary to provide information that will prevent malware attacks like this in the future, and you will find our useful tips in the paragraphs below. And once you are done reading this article, you will reach our removal guide. We have designed specifically to aid you in locating and deleting all of IcedID’s files from your computer. Keep in mind that this process may require some in-depth computer knowledge on your part, so if you would feel more comfortable with it, you can make use of our professional removal tool. It will take care of the process automatically and with minimal interaction from you.

What you need to know about IcedID and Trojans in general

Trojans horse viruses are the most numerous virus category out there. Therefore, infections with Trojans are far more common than with any other malware type. There are a few reasons for this. For one, Trojan horses are extremely stealthy. They can enter your system and hide in it without you even realizing anything has happened. Moreover, they can remain hidden for up to several months or even years – depending on their purpose. And speaking of purpose, this is one thing that distinguishes viruses like IcedID from other malware types. They can be programmed to achieve a whole array of malicious tasks. And unfortunately, until there’s already evidence of the damage done, there’s no telling what a given Trojan can be programmed to do on your computer. With this in mind, it’s best to see to the removal of it as soon as possible.

IcedID Banking Trojan Horse Malware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:



Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

You may be wondering, nevertheless, what IcedID can possibly be doing on your PC. Now, while we couldn’t possibly recount every single thing that it could be assigned to accomplish, we can still list some of the most popular usages, so you will have some perspective as to the extent of damage that may result of an infection like this. Probably the most common usage is theft. Trojans can employ numerous tactics to get hold of valuable information in different shapes and forms. For example, the hackers may be after your logins and passwords, which they can take hold of thanks to a technique called keystroke logging. Alternatively, they can be after specific files from your computer, which can be copied and sent to the cybercriminals. And in certain especially elaborate cases, the Trojan can be even set to hijack your entire traffic and redirect it to the hackers’ servers. This way they can obtain all sorts of sensitive data, including financial details, etc.

Other possibilities include spying on you for whatever reasons. They can hack your webcam or your microphone to listen in on you and watch you. Trojans can even keep track of your location or they can employ some of the same tactics as described above to monitor your correspondences, for example. Alternatively, your computer can be turned into a bot with the intention of getting it to send out spam messages or mine cryptocurrencies. In addition, a virus like IcedID can easily just lay waste to your entire operating system, making it completely useless.

So with all of the above in mind, it’s really no joking matter that you have managed to get infected by one of the worst malware types out there. And for this infection to have occurred in the first place, there are likely some weak points in your system that made it possible. Typically, these are the lack of an antivirus program or one that hasn’t been updated in a long time. The same also goes for your OS – if you haven’t installed the latest updates on a regular basis, this too could have made your computer vulnerable. Therefore, once you have removed IcedID, we strongly recommend seeing to these matters as soon as possible. In addition, staying away from potential Trojan horse sources from now on can also go a long way. Don’t interact with spam emails, fake system update requests, popups and banners you see online and try to limit your access to potentially dangerous web locations.


Name IcedID
Type Banking Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms Rarely any visible ones, but occasionally you may notice a significant system slowdown or frequent system crashes that could signalize an attack
Distribution Method With the help of spam emails, malvertisements, fake system update requests, contaminated websites and insecure web locations
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!

Leave a Comment