Remove Dridex

Dridex is malware known for being behind the theft of millions of euros in no fewer than 10 different countries around the world since October 2014. Dridex was developed in Eastern Europe and attacks the general public as well as enterprises. The United States of America and the United Kingdom are at the top of the list of countries affected by Dridex.


Dridex works like any other malware out there, spreading itself through files attached to phishing e-mail messages. Usually the attached file is an Office file containing malicious VBA macros. Opening the door to this malware is as simple as opening the attached file; the macros will make sure the malware is downloaded. As soon as the malware is installed, it is able to steal bank data from the affected user. This kind of malware is often developed with great care not to raise suspicion: even its messages, including the subject and the text, are written in good English. Usually the text refers to an alleged charging issue, in an attempt to make the user open the file.

However, Dridex goes beyond being simple malware: it has a whole network of infected PCs and servers, which are used to send over the stolen information. These servers have been confiscated by the authorities in an effort to dismantle the network. It was a joint effort by the FBI and the NCA (National Crime Agency), the European agency working against cyber-crime, that managed to dismantle Dridex's network, as announced on October 13, 2015. The presumed administrator of this network, Moldavian citizen Andrey Ghinkul, aka "Smilex", was arrested earlier in the summer. He might be extradited to the United States to be prosecuted.

If you wish to protect yourself from this kind of problem, you must:

  • Refrain from opening attached documents whose sender you don't know or that you never asked for.
  • Disable macro execution in all office software.
  • Keep your OS and antivirus updated.
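
Because the infection starts with an Office attachment carrying VBA macros, a mail gateway or help desk can triage attachments before anyone opens them. The following is an added example, not part of the original guide: the function names and sample attachments are constructed for illustration, and the legacy-format check is a byte-level heuristic rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container header
# OLE2 directory entries store stream names as UTF-16LE text
OLE2_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the bytes look like an Office file that carries a VBA project."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a VBA project in a legacy file includes a _VBA_PROJECT stream.
        return OLE2_VBA_MARKER in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # OOXML files (.docm, .xlsm, ...) keep their macros in vbaProject.bin
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def triage(attachments: dict) -> list:
    """Return the sorted names of attachments to hold back for review."""
    return sorted(name for name, data in attachments.items() if has_vba_macros(data))


def _make_ooxml(with_macros: bool) -> bytes:
    """Build a constructed, harmless OOXML-shaped zip for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


# Constructed sample attachments (no real malware content)
SAMPLES = {
    "invoice.docm": _make_ooxml(with_macros=True),
    "report.docx": _make_ooxml(with_macros=False),
    "statement.doc": OLE2_MAGIC + b"\x00" * 64 + OLE2_VBA_MARKER,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A flagged file is not necessarily malicious; it only means the document contains macros and should not be opened with macros enabled until it has been checked.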

If you suspect you might be affected by Dridex or are actually sure of it, you can use our guide to remove it.

You should know that Dridex is considered a parasite by 49 security programs.

File information

File name: czqwu4q8.exe
Common path: C:\Users\user\AppData\Local\Temp\czqwu4q8.exe
Analysis date: 20 October 2015
Scanner detections: 49 / 54

| Scan engine | Detection |
|---|---|
| Malwarebytes | Trojan.Dridex |
| ESET-NOD32 | Win32/Dridex.P |
| BitDefender | Trojan.GenericKD.2676340 |
| Kaspersky | Trojan.Win32.Yakes.lsuv |
| Symantec | Trojan Horse |
| Panda | Trj/Genetic.gen |
| DrWeb | Trojan.Dridex.190 |
| Comodo | UnclassifiedMalware |
| Avira | TR/Agent.130639 |
| AVG | Generic36.BWZI |
| Bkav | HW32.Packed.1AE7 |
| TotalDefense | Win32/Remex.ZBAJ!suspicious |
| MicroWorld-eScan | Trojan.GenericKD.2676340 |
| nProtect | Trojan/W32.Agent.130639.C |
| CAT-QuickHeal | Backdoor.Drixed.r4 |
| McAfee | Generic BackDoor.u |
| Zillya | Trojan.Dridex.Win32.232 |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| K7GW | Riskware ( 0040eff71 ) |
| TheHacker | Trojan/Dridex.p |
| Arcabit | Trojan.Generic.D28D674 |
| Agnitum | Trojan.Yakes!5BP1dnmr3GA |
| Cyren | W32/DridLd.ZMYI-7619 |
| TrendMicro-HouseCall | TSPY_DRIDEX.XYUO |
| Avast | Win32:Dridex-AM [Cryp] |
| NANO-Antivirus | Trojan.Win32.Yakes.dvthso |
| Tencent | Win32.Trojan.Yakes.Aiia |
| Ad-Aware | Trojan.GenericKD.2676340 |
| Sophos | Troj/Dridex-GL |
| F-Secure | Trojan.GenericKD.2676340 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TSPY_DRIDEX.XYUO |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.ch |
| Emsisoft | Trojan.Win32.Dridex (A) |
| F-Prot | W32/DridLd.CA |
| Jiangmin | Trojan/Yakes.bkib |
| Antiy-AVL | Trojan/Win32.Yakes |
| Microsoft | Backdoor:Win32/Drixed |
| ViRobot | Backdoor.Win32.Agent.130639[h] |
| AhnLab-V3 | Backdoor/Win32.Drixed |
| GData | Trojan.GenericKD.2676340 |
| ALYac | Trojan.GenericKD.2676340 |
| AVware | Trojan.Win32.Generic!BT |
| VBA32 | Trojan.Yakes |
| Baidu-International | Trojan.Win32.Yakes.lsuv |
| Rising | PE:Malware.RDM.00!5.6[F1] |
| Ikarus | Trojan.Win32.Dridex |
| Fortinet | W32/DRIDEX.GL!tr |
| Qihoo-360 | HEUR/QVM07.1.Malware.Gen |



How to remove Dridex?

This page is a comprehensive guide to removing Dridex from your computer. Please perform all the steps in the correct order.

Remove Dridex with MalwareBytes Anti-Malware

Malwarebytes Anti-Malware is an important security program for any computer user to have installed on their computer. It is light-weight, fast, and best of all, excellent at removing the latest infections like Dridex.


  • Download Malwarebytes Anti-Malware: Premium Version or Free Version (without real-time protection).
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
  • Malwarebytes Anti-Malware will now check for updates, and if there are any, you will need to click on the Update Now button.
  • Malwarebytes Anti-Malware will now start scanning your computer for Dridex.
  • When the scan is done, you will be presented with a screen showing the malware infections that Malwarebytes Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-Malware has found, click on the Quarantine All button, and then click on the Apply Now button.
  • Reboot your computer if prompted.

Remove Dridex with HitmanPro

HitmanPro is an anti-virus program that describes itself as a second opinion scanner that should be used in conjunction with another anti-virus program that you may already have installed.


  • You can download HitmanPro from the below link:
    Download HitmanPro
  • Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).
  • Click on the Next button, to install HitmanPro on your computer.
  • HitmanPro will now begin to scan your computer for Dridex malicious files.
  • When it has finished, it will display a list of all the malware that the program found. Click on the Next button to remove the Dridex virus.

Your computer should now be free of Dridex. If you are still experiencing problems while trying to remove Dridex from your computer, please start a new thread on our support page. Someone will give you free assistance very fast!
Click here to go to our support page.
