How to Remove Cridex Malware


If you noticed anything named Cridex on your PC, this is a red flag. It could be a process, a file, or even an app that appears in the Installed apps section of your Windows settings, but no matter where you see it, treat it as something that should be removed.

Reports across security forums link Cridex to Trojan Horse behavior, and based on our personal research, we can confirm this is definitely a rogue piece of software, similar to Dridex, Alumics Service, and other threats covered on our site.

It often pretends to be a harmless utility, but that’s what lets it slip in through bundled installers attached to otherwise legitimate apps, emulators, or game mods.


As soon as it enters the system, it can launch unauthorized tasks that chew CPU and RAM, tweak system settings, or quietly harvest credentials or other sensitive data. The specific purpose of the malware can differ from instance to instance, but it’s always going to be something you don’t want to allow on your PC.

Even if currently there seems to be no issue, the longer Cridex stays, the more potential problems it could cause, so we strongly advise you to use the guide below and/or the attached professional removal tool – SpyHunter 5 – and get rid of this malware.

Cridex Trojan Removal Guide

Start with Windows’ built-in uninstall path before you begin chasing folders and leftovers by hand. If Cridex is listed in Apps & Features, removing it first is quick, low risk, and often clears the main entry along with related components. Even when remnants remain, this reduces clutter and makes the deeper checks easier to validate.

Uninstall the Cridex app from Apps & Features

Time: 15 mins

  1.1 If Cridex shows in your installed apps list, begin there. Open the Start Menu, open Settings, and go to the page that lists installed applications.
  1.2 In Settings, select Apps. Scroll through the list or use search and filters (name, size, install date) to narrow down entries added recently.
  1.3 Change the sorting to Installation date so newer entries appear at the top. This makes it easier to connect a program to the moment the problems began.
  1.4 When you spot something you did not install intentionally, select it, click Uninstall, and follow the prompts. Let the removal finish so related components are not left behind.
  1.5 When it completes, open C:\Users\YourUsername\AppData\Local\Programs. Look for folders or executables that match what you removed and note anything that clearly does not belong.
  1.6 If a related folder is still present, delete it manually. Restart Windows afterward to clear file locks and confirm the unwanted entry does not reappear on startup.

After the reboot, verify the entry is gone and keep an eye out for the same behavior returning. If something still launches or the symptoms persist, that is common with more stubborn threats; continue with the steps below to find leftover files and disable relaunch methods that a basic uninstall does not remove.

SUMMARY:

File Cridex
Type Trojan
Removal Tool

How to Remove Cridex Completely

Checking what is currently running can expose file paths, parent processes, and triggers that keep malware active. With Cridex still on the system, you can often see where it launches from and which folders it depends on, which reduces guesswork and helps you remove persistence points instead of only chasing symptoms after each restart.

1. Prepare Windows for a deeper cleanup

Time: 15 mins

  1.1 Turn on hidden items so you can track leftovers linked to Cridex. In the Start Menu, search for Folder Options, open it, switch to the View tab, and select Show hidden files, folders, and drives. Hidden directories often store stash files.
  1.2 If Windows refuses deletions because files are “in use”, install LockHunter. It adds a right-click option to reveal what is holding the lock and can remove stubborn executables or DLLs.

If you prefer not to add extra tools, you can still do most checks by hand. When Windows insists a file is busy, this utility can help release the lock so deletion completes cleanly instead of turning into a repeated reboot-and-try-again loop.

LockHunter is free, does not require registration, and typically installs in a couple of minutes.

Stop Suspicious Cridex Processes in Task Manager

Stopping a single executable rarely solves the whole problem because persistent threats can add startup entries, helper components, and scheduled triggers that relaunch the main process. The steps below help you pinpoint the running file tied to Cridex, remove the folder it runs from, and then end the task so it cannot immediately respawn while you continue cleanup.

2. End Cridex suspicious processes and remove their files

Time: 15 mins

  2.1 To locate components of Cridex, start with what is running right now. Press Ctrl + Shift + Esc to open Task Manager, then review active processes and their resource usage.
  2.2 If Task Manager opens in the compact view, click More details. The expanded list shows background processes and other fields that make odd entries easier to spot.
  2.3 Sort by CPU or Memory and watch for unfamiliar names or steady spikes. Malware often uses plain, generic process names to blend into normal activity.
  2.4 Right-click the entry that looks wrong and choose Open file location. The folder path and nearby files usually make it clearer whether the process is tied to legitimate software.
  2.5 Try deleting the folder that contains the suspicious file. If Windows blocks removal, open LockHunter, choose What’s locking this file?, release the lock, and delete the file and its folder from within the utility.
  2.6 Go back to Task Manager and click End task for that same process. Stopping it after the file is removed lowers the chance of an immediate relaunch while you continue the checks.


Delete Remaining Cridex Trojan Files

Many infections stay persistent by dropping small launchers and helper files into common system and user folders, then wiring them to start at logon. The goal in this stage is to remove relaunch points and leftovers so Cridex cannot quietly rebuild itself after you delete a single file. Check the locations below carefully and delete only items you cannot identify.

3. Remove Cridex startup items and leftover folders

Time: 15 mins

  3.1 Start with Startup folders that can relaunch Cridex: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup and C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. Remove unfamiliar shortcuts or executables.
  3.2 In each Startup folder, keep desktop.ini and delete other suspicious entries. If Windows blocks removal, use LockHunter to unlock and delete the item.
  3.3 Next, check C:\Program Files and C:\Program Files (x86). Delete newly created, empty, or oddly named folders that do not match software you intentionally installed.
  3.4 Also review user locations: C:\Users\YourUsername\AppData\Local\, C:\Users\YourUsername\AppData\Local\Programs, and C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs. These paths often hold launchers, updater stubs, or scripts.
  3.5 Clear temporary data: open C:\Users\YourUsername\AppData\Local\Temp, press Ctrl + A to select everything, delete the contents, and then empty the Recycle Bin.

Remove Cridex Scheduled Tasks

Scheduled tasks are a common way for unwanted software to restore itself after you delete files, because Windows can run them at logon, on a timer, or on other triggers. Review each task’s actions to see what will execute and from where, then remove the pieces so Cridex does not come back after the next restart.

4. Remove Cridex tasks that relaunch the infection

Time: 15 mins

  4.1 Open Task Scheduler to find triggers that can bring Cridex back. Search for it in the Start Menu, launch it, and expand the Task Scheduler Library to review tasks in your account and system folders.
  4.2 Double-click a task to open Properties, then check Actions to see the exact file that runs and whether it uses parameters.
  4.3 Pay extra attention to tasks that point into user folders like AppData or Roaming, especially when the task name is unfamiliar. These are common hiding places for unwanted payloads.
  4.4 If a task is clearly unwanted, copy the full path shown under Actions, then delete the task from Task Scheduler so it cannot run again.
  4.5 Go to the copied path and delete the referenced executable or script. Removing both the task and its payload prevents relaunches after reboot.
  4.6 Repeat this review across every folder under the Task Scheduler Library, including installer-created subfolders. Persistence is often tucked behind generic names.
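
The Actions review in steps 4.2, 4.3 and 4.6 can be run across every task folder in one pass. The PowerShell below is an added example, not part of the original guide; it only reads, and the folder patterns it treats as user folders (AppData, Temp, Users\Public) are this example's assumption.

```powershell
# Read-only review: list scheduled tasks whose action runs from a user folder.
# The patterns below are an assumption of this example; extend them as needed.
$userPathPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%'

function Test-UserFolderCommand {
    param([string]$CommandLine, [string]$Pattern = $userPathPattern)
    # -match is case-insensitive by default
    return [bool]($CommandLine -match $Pattern)
}

function Get-SuspectScheduledTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only exec actions carry Execute/Arguments; COM handler actions are skipped.
            if (-not $action.PSObject.Properties['Execute'] -or -not $action.Execute) { continue }
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if (-not (Test-UserFolderCommand $cmd)) { continue }

            # Resolve %VAR% forms so the payload path can be checked on disk.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $exists = $null                      # stays $null for bare names such as cmd.exe
            if ($exe -match '^[A-Za-z]:\\') { $exists = Test-Path -LiteralPath $exe }

            [pscustomobject]@{
                TaskPath      = $task.TaskPath   # folder under Task Scheduler Library
                TaskName      = $task.TaskName
                State         = $task.State
                Execute       = $action.Execute
                Arguments     = $action.Arguments
                PayloadExists = $exists
            }
        }
    }
}

Get-SuspectScheduledTask | Sort-Object TaskPath, TaskName | Format-List
```

A hit is a candidate for the manual check in step 4.2, not proof of infection: legitimate updaters also run from AppData.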

Clean the Windows Registry from Cridex

Even after files and tasks are removed, Registry data can remain as startup hooks or references pointing to old paths. The aim here is to remove only entries you can confidently tie to the infection while leaving legitimate vendor keys intact. Move slowly, double-check each value, and remove targeted leftovers so Cridex does not regain persistence.

5. Remove Cridex registry leftovers carefully

Time: 15 mins

  5.1 Open Registry Editor to review autostart data that can keep Cridex active. Press Win + R, type regedit, and press Enter.
  5.2 Press Ctrl + F and search for the exact program name you removed earlier. This often reveals orphaned keys, including services or shell entries.
  5.3 When you find a match, select the key in the left pane and delete it. Continue with F3 until there are no further results across the Registry.
  5.4 Repeat the same search and removal process for any other suspicious programs you identified during earlier steps. Clearing leftover keys reduces the chance that helper components can restore parts of the infection.
  5.5 Run one more search for the exact threat name. Removing a leftover value that points to a missing file can prevent components from being recreated at startup.
  5.6 Check these common autostart and policy locations:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  5.7 In each location, inspect the right pane for values that point to unknown executables or unusual directories. Delete only the specific value so you do not disrupt legitimate components.
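
The inspection in steps 5.6 and 5.7 can be listed in one pass before anything is deleted. The PowerShell below is an added example, not part of the original guide; it only reads the Run-style keys named above (the Services key has a different layout and is left out), and its command-line parsing and user-folder patterns are heuristics assumed for this example.

```powershell
# Read-only listing of the autostart values from step 5.6.
$base = 'Software\Microsoft\Windows\CurrentVersion'
$runKeys = @(
    "HKCU:\$base\Run", "HKCU:\$base\RunOnce", "HKCU:\$base\Policies\Explorer\Run",
    "HKLM:\$base\Run", "HKLM:\$base\RunOnce", "HKLM:\$base\Policies\Explorer\Run",
    "HKLM:\$base\RunServices", "HKLM:\$base\RunServicesOnce", "HKLM:\$base\RunOnce\Setup"
)

function Get-CommandTarget {
    # Heuristic: quoted path first, then text up to the first executable-like
    # extension (handles unquoted paths with spaces), else the first token.
    param([string]$CommandLine)
    $line = $CommandLine.Trim()
    if ($line -match '^"([^"]+)"') { return $Matches[1] }
    if ($line -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1|dll))(\s|,|$)') { return $Matches[1] }
    return ($line -split '\s+')[0]
}

function Get-AutostartValue {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data   = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
            $target = Get-CommandTarget $data
            $exists = $null                                    # $null for bare names like rundll32.exe
            if ($target -match '^[A-Za-z]:\\') { $exists = Test-Path -LiteralPath $target }

            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Data         = $data
                Target       = $target
                TargetExists = $exists   # $false = value points at a missing file (step 5.5)
                InUserFolder = [bool]($data -match '\\AppData\\|\\Temp\\|\\Users\\Public\\')
            }
        }
    }
}

Get-AutostartValue | Format-List
```

Values with TargetExists false or InUserFolder true are the ones to open in Registry Editor and judge individually, as step 5.7 describes.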

Restart Windows to finish. After the reboot, confirm startup looks normal, check that nothing unexpected relaunches, and verify browsers and installed apps behave as usual. If symptoms continue, an offline scan can help detect hidden components and confirm no scheduled tasks or startup values remain.