With the rising popularity of online banking services, the theft of financial credentials has become a popular criminal activity on the web. Aside from stealing access codes for personal bank accounts, hackers now also want to steal credit card details and the details of other payment methods.
One popular method that these cybercriminals use today is the so-called Dridex virus. What is it?
What is the Dridex Virus?
Dridex is banking malware that uses macros in Microsoft Office to attack victims. Once a computer is infected, the cybercriminals behind the attack can steal banking information and other sensitive information on the system.
According to experts, Dridex is derived from the Zeus Trojan horse malware. It was initially spread in late 2014 via spam email campaigns, which sent more than 15,000 emails per day. The cyberattacks targeted users in the United Kingdom.
What Does the Dridex Virus Do?
So, what does this virus do on your PC?
Dridex arrives on a computer via a malicious spam email that contains a Microsoft Word document attachment. Once the user downloads and opens the document, the macro embedded in the file triggers the download of the Dridex virus, which then steals banking credentials and lets cybercriminals perform fraudulent activities.
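A defender-side check for the delivery vector described above, as an added example that is not part of the original article: it flags Office attachments that carry a VBA macro project so they can be held before anyone opens them. The function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy OLE2 container used by .doc/.xls files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes as 'macro', 'legacy-ole', 'no-macro' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary documents may embed macros; treat them as needing review.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an Office Open XML file
    # Modern Office files store their VBA project in a part named vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"
    return "no-macro"


def should_hold(data: bytes) -> bool:
    """Hold anything that contains, or may contain, macros."""
    return classify_attachment(data) in ("macro", "legacy-ole")


def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word file: real part names, placeholder contents."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return out.getvalue()


if __name__ == "__main__":
    # Constructed attachments; the file names are labels only.
    for label, blob in [("invoice.docm", build_sample(True)),
                        ("notes.docx", build_sample(False)),
                        ("old.doc", OLE2_MAGIC + b"\x00" * 504)]:
        print(label, classify_attachment(blob), should_hold(blob))
```

The check looks at file contents rather than the extension, so a macro-bearing document renamed to .docx is still flagged.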
How Do You Know If Your PC Is Infected?
Here are some of the obvious symptoms of the Dridex virus:
- Poor Network Speed – Because the virus attempts to access your network resources to download a malicious program, you may experience slow internet speed.
- Changes in the Registry – The virus may attempt to add new yet unnecessary registry entries. It may also modify the existing ones.
- Slow System Performance – Due to malicious programs installed by the virus, you may experience slow system performance.
- Altered Browser Settings – The Dridex virus may modify your browser settings, causing pop-ups to appear in your active browser.
How to Get Rid of the Dridex Virus?
Knowing what the Dridex virus can do, it is definitely worth knowing how to get rid of it. The good news is that this is easy to do on your Windows device. The removal method involves the use of Task Manager. Here’s a step-by-step guide on what to do:
- Launch Task Manager by pressing the CTRL + Shift + ESC keys together. You may also bring the cursor to the task bar, right-click on any empty space, and then select Task Manager.
- Go through the list and right-click on any suspicious-looking files.
- Select Open File Location.
- A new window will appear with the file on it. Right-click on the file and hit Delete.
Alternatively, you can follow these steps:
- Open Task Manager.
- Navigate to the Startup tab.
- Click on the suspicious processes and click the Disable button located at the bottom-right corner of Task Manager.
If none of the above worked, your last resort is to use a third-party malware detection and removal tool. Download and install one first. After that, run a quick scan. Once it finds a potential threat, you will be alerted and you get to decide whether to quarantine the threat or have it removed completely.
How to Protect Your System from Banking Threats
After removing the virus, the final step is to prevent future infections. Here are some tips we recommend:
- Keep your operating system updated. An outdated OS version is often an easy target for cybercriminals.
- Avoid opening spam emails. Even if these emails appear genuine, never fall for fraudulent tricks.
- Be on the lookout for third-party installations. They may come bundled with malicious applications that are a major source of infections.
- Use an antivirus tool. This way, your PC remains safe and protected as you surf the web.
- Run periodic scans to keep your files and data safe. If possible, have a backup of your files on an external drive or the cloud.
There are plenty of banking malware entities out there, so you can never be too careful. And remember, think before you click.