Dridex is malware known for being behind the theft of millions of euros in no fewer than 10 different countries around the world since October 2014. Dridex was developed in Eastern Europe and attacks the general public as well as enterprises. The United States of America and the United Kingdom are at the top of the list of countries affected by Dridex.
Dridex works like any other malware out there, spreading itself through files attached to phishing e-mail messages. Usually the attached file is an Office file containing malicious VBA macros. Opening the door to this malware is as simple as opening the attached file: the macros make sure the malware is downloaded. As soon as the malware is installed, it is able to steal bank data from the affected user. This kind of malware is often developed with great care not to raise suspicion; even its messages are written in good English, including the subject and the text. Usually the text is related to some alleged charging issue, in an attempt to make the user open the file.
However, Dridex goes beyond being simple malware: it has a whole network of infected PCs and servers, which are used to send over the stolen information. These servers have been confiscated by the authorities in an effort to dismantle the network. It was a joint effort by the FBI and the NCA (National Crime Agency), the European agency working against cyber-crime, that managed to dismantle Dridex’s network, as announced on October 13, 2015. The presumed administrator of this network is Moldavian citizen Andrey Ghinkul, aka “Smilex”, who was arrested earlier in the summer. He might be extradited to the United States to be prosecuted.
If you wish to protect yourself from this kind of problem, you must:
- Refrain from opening attached documents whose sender you don’t know or that you never asked for.
- Deactivate macro execution in all Office software.
- Keep your OS and antivirus updated.
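When an unexpected attachment still has to be handled, it can be checked for VBA before anyone opens it. The Python sketch below is an added example, not part of the original guide or of any product named on this page; the function names and sample files are constructed for illustration, and the check for the legacy format is a byte-pattern heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")       # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")     # VBA stream name in OLE directory


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'unreadable' or 'not-office' for raw file bytes.

    The verdict is based on content, not on the file name or extension.
    """
    if data[:4] == b"PK\x03\x04":                   # OOXML files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unreadable"                     # damaged archive: quarantine, don't open
        # Word, Excel and PowerPoint all store VBA in a part named vbaProject.bin
        return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "no-macro"
    if data[:8] == OLE_MAGIC:
        # Heuristic: directory entries hold stream names as UTF-16LE text
        return "macro" if VBA_STREAM in data else "no-macro"
    return "not-office"


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like archive in memory (no real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed samples: names and contents are illustrative only
SAMPLES = {
    "invoice.docm": make_sample_ooxml(True),
    "report.docx": make_sample_ooxml(False),
    "invoice.doc": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM,
    "truncated.docx": make_sample_ooxml(True)[:40],
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {classify_attachment(blob)}")
```

A "macro" or "unreadable" verdict on an unsolicited attachment is a reason to leave the file unopened; a "no-macro" verdict only rules out VBA, not other content.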
If you suspect you might be affected by Dridex or are actually sure of it, you can use our guide to remove it.
You should know that Dridex is considered a parasite by 49 security programs.
How to remove Dridex?
Remove Dridex with MalwareBytes Anti-Malware
Malwarebytes Anti-Malware is an important security program for any computer user to have installed on their computer. It is light-weight, fast, and best of all, excellent at removing the latest infections like Dridex.
- Download MalwareBytes Anti-Malware: Premium Version or Free Version (without real-time protection).
- Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
- Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
- Malwarebytes Anti-Malware will now check for updates, and if there are any, you will need to click on the Update Now button.
- Malwarebytes Anti-Malware will now start scanning your computer for Dridex.
- When the scan is done, you will be presented with a screen showing the malware infections that Malwarebytes Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-Malware has found, click on the Quarantine All button, and then click on the Apply Now button.
- Reboot your computer if prompted.
Remove Dridex with HitmanPro
HitmanPro is an anti-virus program that describes itself as a second opinion scanner that should be used in conjunction with another anti-virus program that you may already have installed.
- You can download HitmanPro from the link below: Download HitmanPro
- Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).
- Click on the Next button, to install HitmanPro on your computer.
- HitmanPro will now begin to scan your computer for Dridex malicious files.
- When it has finished, it will display a list of all the malware that the program found. Click on the Next button to remove the Dridex virus.