Severity scale:  

Remove HSBC virus (Removal Guide) - updated Jul 2019

removal by Ugnius Kiguolis - - | Type: Malware

HSBC virus – a spam campaign that includes TrickBot Trojan virus and NanoCore RAT

HSBC virus

HSBC virus is spam which is spread via misleading email messages that claim to be from HSBC Bank. There are different types of scamming letters and most of them claim that the payment process has failed and to fix things users need to download the attached file or provide some particular information. These malicious documents can come in names such as BACs.doc, Incoming_CHAPS_Form.doc, report11052018.xls, Paymentreceipt.xlsx, swift_274456.iso which includes swift_274456.exe. For example, the BACs.doc delivers TrickBot trojan and the swift_274456.iso payload carries NanoCore RAT which can initiate malicious activities when planted on a machine.

Name HSBC email virus
Type Spam tool/malware/trojan
Danger This spam campaign distributes Trojan viruses via dangerous attachments
Related files BACs.doc, Incoming_CHAPS_Form.doc, report11052018.xls, Paymentreceipt.xlsx, swift_274456.iso which includes swift_274456.exe
Malware TrickBot and NanoCore RAT
Detection Use Reimage Reimage Cleaner Intego antivirus for completing a full malware scan
Disabling Check at the bottom of the article for system reboot options

HSBC email virus can come in more than one message as there are several examples sent by the cybercriminals who are trying to misuse the bank's official name. There have been numerous reports about scams spreading via the HSBC name. One researcher discovered the illegitimacy of a scam message by highlighting the entire text and spotting the in-betweens (the hidden words).[1]

Another spam message reached the surface as an Importance Notice from HSBC. The email urged users to validate account details by clicking a hyperlink below that asked: “Get Started?”. Researchers discovered that after clicking the given link, you are taken to a fake website named that imitates an HSBC form.[2] This type of HSBC virus asks to log into personal banking through which credentials might be stolen.

Pyranet IT solutions have also released a report in the past about an ongoing HSBC email virus spam campaign and described in details all the steps on how not to mix fake messages with original ones. One of the ways is to identify the domain the message takes you to. Anything not related to the official HSBC website needs to be marked as suspicious and should be closed immediately.[3]

HSBC spamHSBC email virus is a spam campaign that sends fake bank messages and distributes Trojan viruses

HSBC virus even has been spread via SMS. The message claims that your account has been locked and to unlock it, you should click on the reactivation hyperlink.[4] Be aware as this is another type of spam content. Erase these types of messages and avoid clicking on the link as you might be redirected somewhere malicious or asked to enter your credentials/personal information. 

As long as HSBC email virus has numerous variants, you can receive any type of email. One of the most popular messages that might be sent by hackers for malicious purposes looks like this:

Subject: Important : Troubles processing BACs payment
Good Morning,
We’re having troubles processing your request, we encountered an error processing your BACs payment.
What we need you to do
1. The documents are delivered through secure email via an attached file from HSBC. Please be aware this may be delivered to the spam folder.
2. When you open the document a message will appear saying the document requires phone verification. When you click the Send Code button, a code will be sent to your mobile phone.
3. Key that code in to the Code box on screen and select OK. You will now be able to complete the fields in the document as required.
4. Please note that the signature you upload needs to be a clear, current version of your standard signature which once added to the bank mandate can be used to authorise such account transactions as the paying away of funds.
5. Please ensure when you complete the form, that full names including any middle names are included.
6. When the final signatory has completed and signed the documents they will then be returned to me via secure email.
Yours sincerely
James Holand

Transaction Processing Specialist | Operations BACs, Faster Payments, CDD |


If you ever spot some spam related to the HSBC organization, you need to remove HSBC virus from your email box immediately. Also, you should use an anti-malware tool such as Reimage Reimage Cleaner Intego to scan the entire system for possible malware traces. You need to still be careful as some suspicious threats might have entered your system through the email spam.

HSBC virus removal is also a necessity if you want to avoid possible trojan infections that these messages are capable of bringing. If at any case a dangerous virus has found a way to your system, you should look at the end of the article and discover ways how to disable malicious processes on your infected machine.

Although HSBC email virus is just a spam campaign and if you ignore its messages, you should not experience any damage, but by entering its links or downloading specific attachments you might have to face very dangerous consequences. This might relate to permanent data loss, exposure of personal information, and swindle of banking details.

HSBC email virusHSBC email virus is spam that distributes TrickBot Trojan virus and NanoCore RAT

The operation process of Trojan viruses

As you already know, HSBC email virus is capable of distributing trojan infections. These infectious pieces of software enter the system unknowingly throughout malicious attachments or hyperlinks. Once installed on the machine/device, alterings of system settings, registries, and files begin.

Some trojans are capable of providing remote access to the criminals that have created them. This is one of the most dangerous activities as by gaining remote access, the crook can modify anything in the victim's computer or steal any type of personal information. Such Trojan viruses are also known as RATs.[5]

Besides data collecting activities, trojans that get delivered by HSBC virus or similar spam campaigns are sadly-expected to overuse system resources. These symptoms show up in the Central Processing Unit and Graphics Processing Unit. If the power reaches 90% and more, such intense work can be very harmful to the computer.

Malware distributes through spam campaigns all the time

According to computer specialists from,[6] various malware forms, including Trojan viruses, ransomware, botnets, cryptocurrency miners, and similar, find there way into the system silently. This mostly happens when the potential victim opens a spam message and attachment or file that comes with it.

Always be careful while managing your inbox. Messages which fall straight into the spam section need to be eliminated without any doubts. Furthermore, always check for possible grammar mistakes, identify the sender, and any hyperlinks if there are some. For file scanning, use a reliable anti-malware program.

Delete HSBC email virus before any problems occur

If you have been dealing with this spam campaign, you need to make sure that HSBC virus removal is performed before anything bad happens. Use automatical software for the process and also download a scanning tool such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, or Malwarebytes to find out if your computer system is clean and safe from malware after all.

However, if you remove HSBC virus and some malicious activities do reach the surface, you can disable all threatening processes by following the below-provided boot options. System Restore and Safe Mode with Networking are the methods that might help you to deactivate malicious components and stop them from performing further tasks.


do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove HSBC virus, follow these steps:

Remove HSBC using Safe Mode with Networking

If some type of malware has infiltrated your computer system, perform the below-given guidelines to activate Safe Mode with Networking and disable the threat:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove HSBC

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete HSBC removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove HSBC using System Restore

Using System Restore on your infected computer might allow you to stop various malicious processes from being carried on further:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of HSBC. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that HSBC removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from HSBC and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


  1. Tony Lynch says:
    November 14th, 2013 at 4:14 am

    I have just been infected on my laptop with a HSBC attack, the attachment reads Payment Advice-advice Ref: [G75189414758] /Priority Payment/customer Ref: [632585632U9I]
    This happened 14TH. November 2013, will your fix remove this virus?

Your opinion regarding HSBC virus