Vidar malware Removal Guide
What is Vidar malware?
Vidar is a dangerous data-stealer that collaborates with other threats to create a deadly malware mix
Vidar is a devastating type of computer infection that not only steals most sensitive information but also infects with GandCrab 5.0.4 ransomware
Vidar malware is a Trojan that belongs to an info-stealing type of computer threats. The virus is capable of harvesting a variety of information, including web browsing history, cookie IDs, cryptocurrency wallet data, comprehensive technical details of the device, messaging content, various credentials, screenshots, etc. Vidar was first discovered in late October 2018, although the closer analysis was performed in January when the virus was spotted being distributed together with the notorious GandCrab 5.0.4, although other malware can be downloaded as a secondary payload – it all depends on the configuration inputs used by hackers. Vidar malware mostly uses malicious advertisements in the combination of the Fallout or GrandSoft exploit kits to propagate and can be bought on the black market for around $700.
|Functionality||Steals a variety of sensitive information, delivers a secondary payload, communicates with C&C server|
|Distribution||Fallout and GrandSoft EK, malertising|
|Secondary payload||GandCrab 5.0.4 ransomware|
|First discovered||October 2018|
|Similar threats||AZORult, Zeus, Panda Banker, LokiBot Emotet|
|Termination||Use reputable security software like SpyHunter 5Combo Cleaner|
|Recovery||We recommend using ReimageIntego to to recover from virus damage|
Initially, researchers believed that Vidar malware was actually a string of Arkei virus. However, the in-depth analysis showed that it is in fact Vidar, which was closely related to the former, as differences between the two were relatively small. Nevertheless, the impact of the info-stealing capabilities is still huge, and those infected should immediately remove Vidar malware from their computers.
Vidar malware authors use exploit kits to infiltrate the virus into the system. The malicious ads are usually hosted on poorly-regulated torrent or video streaming websites. As soon as the victim clicks on the location-based ad, the Fallout or GrandSoft EK (however, the former is more popular – it accounts for more than 70% of total infections) is launched. If successfully exploited, users will find themselves infected with Vidar malware, along with GandCrab, or possibly other strings.
Once Vidar malware establishes itself on the system, it harvests a variety of information, such as:
- Cookie ID;
- Browser history of Google Chrome, Internet Explorer, Mozilla Firefox, Safari, Tor, etc.;
- Detailed technical data;
- Two-factor authentication software data;
- Loader settings;
- Crypto-wallet info;
- Notifications from various messaging apps;
- Various credentials, etc.
The aggregated data is then compiled into a file information.txt and sent off to a Command & Control server controlled by hackers. During the data-stealing process, Vidar malware launches several DLL files, including msvcp140.dll, mozglue.dll, softokn3.dll, vcruntime140.dll, and others.
Once Vidar virus completes the data-stealing procedure, it will then load GandCrab 5.0.4 ransomware which will encrypt all personal data and demand the ransom for file decryptor. Nevertheless, the official tool was released by BitDefender recently, and it can recover all the encoded data for free.
Due to the fact that ransomware is a rather “noisy” infection, it is practically impossible to fail to notice it; users will be concentrated on the secondary payload, not noticing that their credit card details, along with a large amount of other sensitive data are being stolen. For that reason, the damage Vidar malware can cause is probably as, or even more, destruction than that of a secondary payload.
Nevertheless, after Vidar malware removal, users should take extra steps to recover from the attack: change all passwords, contact the bank to check for illegal transactions, and also scan the device with such tools like ReimageIntego to make sure that no malicious components are left.
Vidar malware is a computer virus that was first spotted in October 2018 and initially thought to be Arkei - another data stealer it was based on
Update your software to avoid exploitation and install security application
Exploit kits are one of the more sophisticated malware infection methods used by cybercriminals. An exploit kit is basically a piece of software that serves hackers as a tunnel which allows exploitation of vulnerabilities in software like Adobe Flash, Java, Drupal, and even Windows operating system itself. All users have to do is visit a compromised site that hosts the kit, and the malicious payload will be delivered automatically via the flaw.
To avoid such course of events, users should always make sure that all their software is updated with the latest security patch, especially Windows updates, as they often include major patches for Adobe and similar vulnerable software. Thus, make sure your operating system is set to update itself automatically.
Other updates, such as Java or Adobe Flash can also be set to be updated automatically. Alternatively, users can download them from official sites. Be aware that hackers often abuse Flash player updates to install malware, so never download any fake updates that might pop-up on compromised websites.
Another way to protect yourself from exploits is by employing anti-exploit engines that can prevent the vulnerability from being abused. Many vendors include this functionality, so make sure you choose the one that has it.
Terminate Vidar malware together with its secondary payload immediately
Vidar, considering its sophisticated infection methods and the inclusion of the secondary payload, is possibly one of the most devastating infections. It can bring not only to stolen money from the bank account, but also identity theft, and personal file loss due to ransomware. The recovery process of such infection might be complicated, but first, you have to take care of Vidar malware removal.
To accomplish that, you need to make sure you download and install powerful security software that can remove Vidar virus, along with any other malware that could have been established with it. Download a security application and then enter Safe Mode with Networking, as explained below.
Once you terminate Vidar malware, make sure you use the decryptor by BitDefender if your files got locked by GandCrab.
Getting rid of Vidar malware. Follow these steps
Manual removal using Safe Mode
To remove Vidar malware, enter Safe Mode with Networking as follows:
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Remove Vidar malware using System Restore
System Restore might also be useful when dealing with malware infection:
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of Vidar malware. After doing that, click Next.
- Now click Yes to start system restore.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Vidar malware and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting malware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.