The PsiXBot malware is a key-logger or a backdoor Trojan that first came to the attention of cybersecurity researchers in 2017. Since its inception, the malware has evolved considerably from a simple Trojan to a full-blown malware entity that is able to load and execute code and with the ability to compromise entire networks.
What Does the PsiXBot Malware Do?
The PsiXBot malware is mainly distributed through a dropper such as the SmokeLoader Trojan. Once inside the victim’s computer, it will check whether the victim’s system language is Russian and if it is, it will terminate itself. This gives the indication that it is looking for targets outside of the Russian Federation. It also means that it is likely controlled by Russian cybercriminal groups.
The malware payload is deployed under %AppData%\Local\Microsoft\[filename].exe after which PsiXBot contacts its control and command center (C&C) which appears in the malware code as an array of bit names with weird naming such as mygranny.bit.
What the PsiXBot bot does on your computer is to forage for system details, such as the user name, system information, hard drive space, .Net framework version, user permission level, present antivirus software, and the OS version.
After sending these, it sits idle waiting for further commands from its masters. Depending on the goals of the cybercriminals, the PsiXBot virus will download additional modules that provide increased capabilities. Some of these capabilities allow it to execute code in the victim’s computer, steal passwords and credentials, and to log keystrokes.
These capabilities make it a very dangerous malware because if cybercriminals get credentials relating to banks and other sensitive accounts, they can use these to perpetrate financial and identity fraud. On the other hand, given that PsiXBot is a known malware loader, it can be used to download malware entities such as ransomwares that could also cause significant financial damage to the victim.
How to Remove PsiXBot Malware
Is there a way of removing the PsiXBot malware? With a powerful anti-malware solution such as Outbyte Anti-Malware, you can not only remove the PsiXBot malware, but also avoid secondary infections. The matter of secondary infections is especially concerning because PsiXBot is one of those persistent malware entities that keeps on resurfacing. So, if you are going to rely on one of those ‘free’ anti-malware software, it won’t be long before another more potent infection finds its way into your device.
To completely remove the PsiXBot malware, it is essential that your run your Windows PC on Safe Mode with the option of networking.
The Safe Mode option will limit the influence of other apps, except those that are default to the Windows OS, thus making it easier to troubleshoot PC issues.
The following steps will get you to the Safe Mode with Networking option on both Windows 10 and 7 devices:
- Open the Run utility app by pressing the Windows + R keys on your keyboard.
- On the Run utility, type ‘msconfig’ command into the command line and hit the Enter key.
- On the app that appears, go to the Boot tab and tick Safe boot under Network.
- Now, restart your computer.
Your device will restart in Safe Mode with networking and you can now launch the anti-malware or download it from the internet.
After the antivirus is done isolating and removing the virus and all its malicious code, launch a PC cleaner app that will remove all junk files in the %Temp% and downloads folder as it is very likely that the initial installer still exists somewhere among the files. A PC cleaner also comes with the added advantage of repairing broken, corrupt, or missing registry entries.
Windows Recovery Tool
For a malware entity that is as sophisticated as the PsiXBot Trojan, you should complement the efforts of the anti-malware as well as those of the PC repair software with at least one Windows recovery tool.
Windows recovery tools allow you to modify the Windows OS, apps, and files on your computer such that everything is as close to its default state as possible. For this PsiXBot malware removal guide, we are going to suggest you use either of the following Windows recovery tools:
System Restore restores the performance of your computer to a previous ‘state of performance’. So, if you have a restore point which was usually created when you are convinced that everything was running smoothly, you can use it as soon you start experiencing PC issues caused by malware entities or otherwise.
Here is how to use System Restore on a Windows device:
- On the Taskbar search, type ‘create a restore point’.
- Selecting the first result of this search which should take you to the System Properties app.
- Go to the System Protection tab and select System Restore.
- If there are restore points on your device, you should see them. Select the one that you want to use.
- Click to Scan for affected programs.
- Click Close > Next > Finish.
Reset this PC
The other Windows recovery tool that we recommend is the Reset this PC. This recovery tool gives you the option to either keep your files and folders or remove everything.
- Go to Settings > Change PC settings >Update and recovery > Recovery.
- You will see two options: Refresh your PC without affecting your files, or Remove Everything. If you choose the latter, know that there is no way to recover your files unless you have a backup somewhere.
- Click Get Started.
- Finish the process by following the instructions on the screen.
How to Avoid the PsiXBot Malware
Fine! You have now removed the PsiXBot malware. What’s next? Obviously, you would want to avoid the vectors that led to the infection in the first place.
PsiXBot is mainly spread through phishing campaigns that come in the form of fake invoices that are uploaded in legitimate file hosting platforms such as Dropbox. In some cases, compromised machines are used to spread the malware to an entire network. Knowing this, you can use the following tips to keep safe:
- Verify the authenticity of any invoices, payment files, or payment-related emails that you receive.
- Clean your computer of any personal data such as payment information, passwords, and other login credentials.
- Use a VPN to hide your IP address as that way, it is much harder for cybercriminals to craft a personalized attack.
- If you are part of an office that shares computers and other network resources, make sure that everyone is on the same page when it comes to cybersecurity.
- Most importantly, scan your computer often with a reliable anti-malware solution such as Outbyte Antivirus because even if a malware entity has somehow disabled your anti-malware defenses, you will know right there and then.