Remove Dridex virus (Virus Removal Instructions) - updated Jul 2019

Removal by Julie Splinters | Type: Keyloggers

Dridex – a well-developed banking malware that also includes a keylogging feature

[Figure: Dridex - malware that can avoid detection of antivirus engines]

Dridex, also known as Bugat or Cridex,[1] is a notorious piece of software that aims to steal banking details and track the keystrokes of Windows users. Stolen banking data carries a high risk of being used to transfer money from victims' accounts to the crooks', so numerous users might experience huge monetary losses. The installation of Dridex is known to rely on harmless-looking Microsoft Word or Excel documents attached to misleading messages sent in email spam campaigns.

Name: Dridex
Type: Malware
Modules: Trojan, worm, keylogger, botnet
Other names: Bugat, Cridex
Target: Windows users
Distribution: Infectious Microsoft Word or Excel documents, infected websites
Aim: To steal banking data and perform illegitimate money transfers
Detected as: Win32:Trojan-gen, Trojan.GenericKD.41400500, Trojan.GenericKD.41400500 (B), Trojan.TR/AD.Dridex.nbtoz, Trojan.Packed2.41796
Active since: 2014
Malware detection: You can download and install software such as Reimage to detect malware traces and infected locations on your Windows computer

Dridex malware operates in more than one way on an infected computer system. Security experts have discovered that this notorious virus is capable of recording the victim's keystrokes, which has earned it the keylogger label.[2] Tracking users' key presses can serve several kinds of illegitimate and dangerous activity.

For example, the criminals who distribute the Dridex banking trojan can use its keylogging feature to spy on sensitive login details, account passwords, personal information, and the banking credentials mentioned above. Collection of such data might result not only in monetary losses but also in serious identity theft.

Antivirus evasion is another feature of the Dridex trojan. Reports say that this malware might be hard to detect as it is good at hiding. However, some well-known anti-malware programs are still capable of spotting strings of this cyber threat, and it can be found under these detection names:[3]

  • Win32:Trojan-gen
  • Trojan.GenericKD.41400500
  • Trojan.GenericKD.41400500 (B)
  • Trojan.TR/AD.Dridex.nbtoz
  • Trojan.Packed2.41796

Note that immediate Dridex removal is a necessity once your anti-malware reports one of these detection names. You can also try a program such as Reimage to search for malware strings. It is very important to react fast, as this trojan can remotely inject other dangerous infections and cause severe damage to your computer; this tactic is known as an “injection attack”.

[Figure: Dridex is a dangerous malware that has been active since 2014]

Dridex is also reported to be capable of disabling Windows Script Host objects by abusing the Application Whitelisting tool and a WMIC weakness. Additionally, this dangerous form of computer virus brings malicious VBS content onto the system, carried through XLS-based scripts. As you can see, it is very important to act quickly after spotting the first signs of malware. Performing Dridex removal should be your first priority.

There may be many more activities that the virus is capable of which have not yet been identified. For example, trojans often overuse CPU and GPU power, which causes regular system crashes. They also might end up placing malicious processes and files all over the system. So, remove Dridex and avoid possible computer and software corruption.

The name of Dridex has been known since 2014

Dridex became notorious already in 2014, when countless corporate users worldwide reported stolen bank account passwords. As a result, they suffered huge financial losses. Due to its complex and sophisticated structure as well as its distribution methods, the malware succeeded in causing widespread chaos in the IT world.

Dridex's techniques helped it stand its ground among other aggressive computer threats and remain hard to stop. While the malware mainly targeted North America and Western Europe, it is now moving further east. The Baltic states are the next target of this malware. Ordinary users are likely to become its victims as well.

As of 2019, numerous reports have come out that Dridex has been avoiding antivirus detection and infecting computer systems worldwide without much effort. Moreover, experts revealed that the malware has expanded its distribution from email spam to misleading FTP pages.[4]

Information on other characteristics of the malware

Alternatively known as Worm.Win32.Cridex or Cridex, the threat is able to steal login data and passwords by making several significant modifications in the browser. Since it operates both as a trojan and as a computer worm, it has managed to escape detection by security programs in the past. In its worm capacity, it might infect a system via a link encountered on a file sharing domain.

Once Dridex malware successfully settles on the computer, its trojan features get activated. Specifically, the malware meddles with your browser settings by redirecting you to a fake version of your bank's website instead of the original site. As a result, it is able to track and record all your passwords and spy on your activity by secretly taking screenshots of your computer screen.

Moreover, when the Dridex botnet takes control of the device, you might notice occasional system errors and notifications to reboot the system. When the required information has been collected, it is transferred to the hackers' hidden servers. As a result, victims might suffer financial losses overnight or within a couple of hours.

The operation and transmission techniques of Dridex malware

Its distribution and operation methods are worth mentioning, as they helped the malware remain active for such a long time. The first signs of the Dridex banking trojan were spotted in 2014. Thanks to its botnet (the network of machines and devices which manage the distribution of the malware), the malware successfully infiltrated thousands of computers.

[Figure: Dridex is a notorious form of malware that travels through infectious MS Word documents or Excel files]

Ordinary users may not be familiar with Dridex, as it mainly targeted banks and financial institutions. Its success also lies in spreading via macros embedded in documents attached to spam messages. To get victims to activate the threat, the hackers label the emails as invoices or financial report files. If macros are enabled automatically on the targeted system, the malware sets out to perform its misdeeds.

After infiltration, the malware causes real havoc: it creates backdoors to secretly install other malicious files. Moreover, the malware has joined forces with multiple ransomware developers. It has been observed that the Bart virus also facilitated the distribution of Dridex and Locky ransomware.[5] That is how this dangerous malware has also earned the name Dridex ransomware.

Ensuring proper cybersecurity is a crucial step to take

Security experts[6] warn users that taking the recommended precautionary measures should be a crucial step for everyone who uses a computer, laptop, or similar device. Malicious infections are ready to sneak into the system in many different ways, such as email spam campaigns, infected networks, malicious links, fake software updates, etc.

As for spam emails, the malicious payload will typically come embedded in a Microsoft Word document or in an EXE file. If you ever find such components attached to an email, use a reputable anti-malware program to scan the entire content and identify whether it is harmful or safe to open.
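The attachment check recommended above, together with the macro-based delivery described earlier, can be given a concrete first-pass form. The following is an added example that is not part of the original guide or of any product it mentions: it inspects the raw bytes of a mail attachment, reports any embedded VBA macro project inside a Word or Excel OOXML file, and flags executables and legacy binary Office containers for deeper inspection. The sample documents are constructed inline and contain no real macro code.

```python
import io
import zipfile

# Part names under which Office stores an embedded VBA project inside an OOXML
# container (.docm/.xlsm/.pptm; a renamed .docx can carry one just as well).
VBA_PART_NAMES = ("word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin")
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_vba_parts(data):
    """Return the names of VBA macro parts found in an OOXML (ZIP) document."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            hits = [n for n in names if n.lower() in VBA_PART_NAMES]
            # Office only loads a macro part that the manifest declares, so the
            # manifest also catches a part stored under an unusual name.
            if not hits and "[Content_Types].xml" in names:
                if VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                    hits.append("[Content_Types].xml declares a vbaProject part")
            return hits
    except zipfile.BadZipFile:
        return []


def classify_attachment(data):
    """Triage verdict for an attachment: executable, legacy-binary, macro or clean."""
    if data[:2] == b"MZ":
        return "executable"      # PE header: an EXE/DLL whatever the extension says
    if data[:8] == OLE2_MAGIC:
        return "legacy-binary"   # old .doc/.xls container: may hold VBA, needs an OLE parser
    if find_vba_parts(data):
        return "macro"
    return "clean"


def build_sample(parts):
    """Build a minimal OOXML-like ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real Dridex documents: one plain file, one with a macro stub.
CLEAN_DOCX = build_sample({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"})
MACRO_DOCM = build_sample({
    "[Content_Types].xml": b'<Types><Override PartName="/word/vbaProject.bin" '
                           b'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": OLE2_MAGIC + b" constructed stub, no real macro code",
})
```

A "macro" or "executable" verdict is a reason to quarantine the attachment and scan it with a full anti-malware engine, not proof of Dridex on its own.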

Additionally, you should always have trustworthy antivirus protection running while you browse. Try to avoid rogue-looking websites, as they typically lack protection. These types of websites usually revolve around piracy, gambling, online gaming, or pornography.

Dridex termination steps

Trojans and computer worms are highly destructive and frustrating viruses. To remove the Dridex virus completely, update your antivirus and install an additional security application, such as Reimage. This anti-spyware software is specifically designed to confront malware such as this banking trojan.

In addition, it will help you block other samples of this category as well as ransomware threats. Manual Dridex removal is not recommended, as finding its executables by hand might be a futile exercise. Your own caution also plays a great role in improving cybersecurity. What you can do on your own, however, is reboot your computer into Safe Mode or perform a System Restore.

The two features described below allow you to stop malicious processes that might be running on your machine and to reverse changes that were made while Dridex was active. However, do not relax too much after the cyber threat vanishes: you need to ALWAYS follow security recommendations if you want to keep your device protected from hazardous infections such as Dridex in the future.


To remove Dridex virus, follow these steps:

Remove Dridex using Safe Mode with Networking

Use the following steps to reboot your machine into Safe Mode with Networking and disable malicious processes:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 repeatedly until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Dridex

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to Dridex to complete the removal.

If the malware blocks Safe Mode with Networking, try the next method.

Remove Dridex using System Restore

Reverse the suspicious changes that Dridex made to your computer by rebooting your machine and using System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 repeatedly until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point from before the Dridex infiltration. After doing that, click Next.
    4. Now click Yes to start System Restore.
    Once you have restored your system to a previous date, download Reimage and scan your computer to make sure that Dridex removal was performed successfully.

Finally, you should always think about protection against crypto-ransomware. To protect your computer from Dridex and other ransomware, use reputable anti-spyware such as Reimage, SpyHunter 5, Combo Cleaner or Malwarebytes.

About the author

Julie Splinters
Julie Splinters - Malware removal specialist


  1. ArthuryGibs says:
    September 23rd, 2016 at 6:42 am

    You shouldn't really mess up with it.

  2. Nowayyy000 says:
    September 23rd, 2016 at 6:43 am

    Do malware removal utilities really help?

  3. peggy says:
    September 23rd, 2016 at 6:44 am

    It couldn't become worse…