Thursday, November 13, 2014

How to scan and clean a computer with Emsisoft Emergency Kit

Table of Contents


  1. Introduction

  2. Setup

  3. Download Updates

  4. Running a Full Scan

  5. What to do if Malware is Found

  6. Section Overview

  7. Other Emergency Kit Goodies

  8. Additional Recommendations

Introduction


The Emsisoft Emergency Kit is a bundle of 3 malware removal programs: Emsisoft Emergency Scanner, Emsisoft Commandline Scanner, and Emsisoft BlitzBlank. The free kit is meant to be used in emergency situations; for example, if you are disconnected from the Internet and need to run a malware scan, or if you have run a malware scan with another product and want a second opinion.


This tutorial provides step-by-step instructions on how to scan and clean your computer with the Emsisoft Emergency Scanner. It also provides a brief introduction to the Emsisoft Commandline Scanner and Emsisoft BlitzBlank.


Emsisoft Emergency Scanner Setup


If you have reached this tutorial through Emsisoft Emergency Scanner’s help link, the program is already set up and you may skip to Step 2.


Download:

If you don’t yet have the Emsisoft Emergency Kit, download it here.


Extract:

Once the kit has downloaded, open it. It will then automatically extract its contents to c:\eek\ and place a shortcut on your Desktop.


Run:

After extraction, simply double-click the Emsisoft Emergency Kit shortcut that appears on your Desktop, and select the Emsisoft Emergency Kit Scanner. If Windows issues an alert and asks for your permission to run the program, allow it to run.


Note: By downloading and extracting these files, you have not installed anything on your computer. If you wish to remove the Emsisoft Emergency Kit, simply delete its files and shortcut, and all traces of the program will be erased.


Download Updates


If you are connected to the Internet, you should update Emsisoft Emergency Scanner’s malware signatures before running a scan. In fact, if you’re opening the program for the very first time, it will prompt you to do so.




Select Yes, and the program will update when it launches. Next, you will be asked if you’d like to detect potentially unwanted programs, or PUPs. We recommend that you select Yes. For more on PUPs, see our knowledgebase article: What is a PUP.


You will now need to wait a few moments, while the updates download.




Once updating is complete, click the Scan tab in the Menu bar.




Run a Full Scan


Now you are ready to run a scan. Within the scan section, you will see 4 options: Quick Scan, Smart Scan, Full Scan, and Custom Scan. You’ll see that the program recommends running a Smart Scan, which is optimized to scan locations where malware typically infects. Smart Scans are good for most users, and they typically do not miss malware; however, if you want to be absolutely thorough you should run a Full Scan.




A Full Scan will take longer, but if this is the first time you are scanning your computer for malware it is the best option.


What to do if Malware is Found


The Full Scan will take some time. Hopefully when it is done, it will not have found any malware. Unfortunately, this is not always the case.




If malware is found during the scan, all detected files will be displayed and preselected in the results screen. At this point, you will be given the option to Quarantine Selected or Delete Selected. We recommend you select Quarantine Selected.




Quarantining the malware will completely disable it by wrapping it in an encrypted container. This will render the malware harmless, while allowing it to be analyzed by one of our technicians if needed or restored in the off chance it is a false positive. If you opt to Delete Selected, you will instead irreversibly delete the detected files – so only do this if you are absolutely certain they are malicious!


Very rarely, a scan may also detect a rootkit that cannot be automatically removed without damaging your system. If this occurs, you will be prompted to contact one of our malware removal experts in the Emsisoft support forum.


Section Overview


Once you have Quarantined any files detected by a Full Scan, your computer will be malware-free. Now you can explore the Emsisoft Emergency Kit Scanner in full, to become more familiar with the program.


Overview Screen


The Overview screen can be reached from any section, by clicking the Overview tab in the program Menu bar. Overview is Emsisoft Emergency Scanner’s “home base,” and it’s where all the magic begins.




Scan Screen


If you’ve gone through the tutorial, you’ll already be familiar with this one. You can access the Scan screen by clicking the Scan panel in the Overview screen or the Scan tab in the program Menu bar. In addition to a Full Scan, Emsisoft Emergency Scanner can run a Quick Scan, a Smart Scan, and a Custom Scan on specific files. See each scan’s description to figure out what you need.




Quarantine Screen


If you quarantine detected files after running a scan, you can safely access them from the Quarantine Screen. Access Quarantine by clicking the Quarantine panel in the Overview screen or the Quarantine tab in the program Menu bar. In Quarantine, you can re-scan files, save copies of files, submit files to Emsisoft for analysis, restore files, delete files, manually quarantine suspicious files, and save quarantine lists.




Logs Screen


Emsisoft Emergency Kit Scanner keeps Quarantine logs, Scan logs, and Update logs. All of this information is accessible through the Logs screen, which can be reached by clicking the Logs panel in the Overview screen or the Logs tab in the program Menu bar. Logs are good for personal reference (if you’re feeling geeky) and helpful to our analysts if you ever encounter a complication.




Settings Screen


Finally, we have the settings screen – accessible from the Settings panel in the Overview screen or the Settings tab in the program Menu bar. The Settings screen lets you define how the Emsisoft Emergency Kit Scanner will operate. Of particular note are Privacy Settings. Here you can opt-in to the Emsisoft Anti-Malware Network, which will give the program permission to collect anonymous information about malware it finds on your computer. Joining the network is completely optional, but it can help improve our products’ overall malware detection capabilities.




Other Emergency Kit Goodies


Emsisoft Commandline Scanner


The Emsisoft Emergency Kit also includes the Emsisoft Commandline Scanner, a console application for professionals who don’t need a setup or graphical user interface. Emsisoft Commandline Scanner features are nearly identical to those of the graphical Emsisoft Emergency Kit Scanner, and experts have called its latest incarnation “one of the most sophisticated command line scanners around.” Emsisoft Commandline Scanner makes all features of the Windows scanner available at the command line, perfect for use in automated batch scripts. For more information, see product details.






 


Emsisoft BlitzBlank


Last but not least, all Emsisoft Emergency Kit downloads also include Emsisoft BlitzBlank, a small but effective tool that can completely remove malware files that actively oppose deletion. Emsisoft BlitzBlank is made for experienced users who deal with malware on a daily basis. It can delete files, Registry entries and drivers before Windows and all other programs are loaded. For more information, see product details.





 


Additional Recommendations


Copy onto a USB stick


If after cleanup and exploration you decide to keep the Emsisoft Emergency Kit around, we recommend copying the program onto a USB stick. This will ensure that the kit is fully accessible in any malware emergency. Placing the kit on a USB stick will also make it easier to share with friends.


Professional Licensing


The Emsisoft Emergency Kit is now also available for PROs!


PRO licensing starts at $99 per year, for up to 250 scanned PCs and includes a high-quality aluminum 16 GB USB flash drive, a free Emsisoft Anti-Malware license for 1 PC/1 year and free shipping. Larger license packages for 500, 1000, 2000 and more PCs per year are also available. See product details and purchase options.


Have a Great (Malware-Free) Day!


 




Achieving Internet Simplicity



2014 has so far been a year of cyber security headlines.


Massive data breaches and hacks have occurred on what seems like a bi-weekly basis, and new revelations of governmentally funded intrusions seem to spring up just as quickly. As this article is being written, the tech headlines read that Vodafone allows the government to tap its communication systems. By the time this article is completed, another, equally panicked headline will undoubtedly emerge.


Many choose to tune out all the cyber-panic-noise. Some even go as far as ignoring cyberspace completely – and in truth, that is probably the most effective approach to cyber security of all.


Don’t want to worry about being hacked?


Then don’t go on the Internet. Simple as that. It may sound extreme, but some people do indeed live this way. They don’t fuss about Heartbleed, and they don’t run home from work to change their eBay password as soon as they possibly can when they hear about a massive breach. They simply don’t use computers, and they are fine.


Not using the Internet works quite well in terms of online protection – but if you are reading this article, chances are about 100% that this approach will not work for you. So, then, what will?


Here at Emsisoft, we think the answer for most everyday users is Internet Simplicity.


Internet Simplicity as a Mindset


For modern-day people living in a hyper-connected world, not going on the Internet at all would seem modern-day lunacy. For many working professionals, it would also be logistically impossible. Nevertheless, Internet Simplicity is still an achievable state and by no means an absolute one. You can make your Internet experience simpler, and as a result more private and secure, simply by reducing the number of “moving parts” in your “Internet system.”


One need not be a computer scientist or physicist to appreciate this logic – though many from such professions have expanded upon the topic of chaos at length. When it comes to Internet security, less can in fact be more; that is, if you are careful about what you remove and what you retain.


Internet Simplicity Techniques



Shed Some Layers


First things first: take a step back and look at everything you do on the web.


Consider how many profiles you may have created at who-knows how many websites, and think about all of the information you have shared when you created each one. Then, think about everything you may have done with each website, be it anonymous observation, personal communication, photo/video sharing, or financial transaction. Then, see if you can remember each username and password for each website. If you can do this last part off the top of your head, your Internet identity is probably insecure.


Anyone who can remember all of their usernames and passwords either a) already has very little interaction with the web, b) has an outstanding memory, or c) is reusing usernames and passwords that are probably easy to remember and therefore weak.


If you fall under category C – which, let’s be honest, most of us will – the first thing you can do to remedy your situation is get rid of some of those accounts. This may take some time, but in the long run it is totally worth it. Chances are that many of your online accounts have fallen into disuse, but that doesn’t mean that the personal data you have stored on them has disappeared. Disused accounts with weak passwords are open doors for hackers. To close these doors, simply delete the accounts you don’t need, or change their passwords to something more secure.


After you have “shed some layers,” there will simply be less of you available on the web to steal. Once you have done this, you could then consider using a password management application like KeePass to help consolidate your digital credentials. If, however, you’ve shed enough accounts, you will not need one. There is always also the trusty pencil and paper technique.


But Keep Some Layers Too


Ok, so you know how we just said to shed some layers? You’re going to want to keep some layers and maybe even add some layers too. This doesn’t mean adding more Internet entryways, though. It means increasing the complexity of your “lock.”


If that last paragraph seems a bit cryptic, well, then, that’s entirely fitting for a conversation about security. But consider the following:


  • Do you use your real name on your Facebook, Twitter, or Google+ profile?

  • Do you maintain a “buffer” email?

  • Do you have two factor authentication enabled on accounts that allow it?

  • Do you minimize e-commerce risk by placing an extra layer – such as PayPal or a credit card – between the merchant’s website and your cash?

All of these little extra layers are simple ways to enhance your online privacy and security, and none of them require any specific technical prowess at all.


Follow Brian Krebs’ 3 Basic Rules for Online Safety


After you have begun the process of shedding online accounts that you don’t need, and adding a few simple layers to your online lock, you should extend this process to all of the applications that are installed on your computer. Internet security expert, Brian Krebs, outlines this process best with his 3 Basic Rules:


  1. If you didn’t go looking for it, don’t install it!

  2. If you installed it, update it.

  3. If you no longer need it, remove it.

Much like any online user account, any application that is installed on your computer and that connects to the Internet is a potential doorway into your PC. These doorways open when an application has a vulnerability, or a flaw in its code that can be exploited by a hacker to gain remote access to your PC. Some applications have more vulnerabilities than others, and it is generally wise to be careful about what you eat.


Limiting the number of apps you use on your PC also has the added benefit of increasing system performance. This goes for legitimate applications that are simply superfluous to what you need to get done when you go on your PC as well as Potentially Unwanted Programs – a most devious class of applications that wastes space and that can dismantle your personal privacy by sharing information with money-hungry third parties, or worse.


Respect Your Computer


If you are really worried about malware, and want to go above and beyond in terms of protection, then you can simply avoid behaviors linked to malware infection. For example, if you are using a computer to run your business, only use that computer for business related tasks and isolate it on a firewall. Get your Internet entertainment on a different computer entirely. Not only will you be safer from malware, you will probably find that you’re more productive too.


Internet Simplicity Tools


This year’s increased attention on Internet security has no doubt produced increased demand for Internet security products. Once again, however, these products aren’t much good if they are overly complicated and difficult to use. More than enhanced Internet security solutions, people want simplicity. In response, many companies are providing just that.


Here at Emsisoft, our response to Internet Simplicity demand is agreement. PCs are tools, the Internet is a means of connecting these tools, and these tools and this connection work best when things are kept simple and clean. More than agreement, however, we have been working on a simplified product: Emsisoft Anti-Malware 9.0. This new offering features our most user friendly interface yet, and it has been streamlined for seamless integration with Windows 8 & 8.1. For end users, this means ease of use without sacrificing protection and without needing an overly complex mechanism running on your machine.


But we’re not the only ones who have adopted Internet Simplicity.


Companies across the web are jumping complexity’s ship and swimming to Simplicity’s shore. After you have versed yourself in the techniques outlined above – removing what you don’t need, and keeping what you should – we recommend checking out some of the latest developments in securing a simpler web.


Google Mail End-to-End Encryption


Announced in early June, End-to-End will attempt to simplify email encryption between Gmail and non-Gmail accounts. According to Google’s latest Transparency Report, roughly 65% of email sent from Gmail accounts to accounts hosted by other email providers is not encrypted; and, roughly 50% of email sent from accounts hosted by other email providers to Gmail is not encrypted either.


DuckDuckGo Search Engine


As much as Google strives towards simplicity and transparency, many users have reservations about the way the corporation tracks user Internet usage for profit. In response, a new breed of “privacy-centric” search engines has emerged. The current leader of this pack is DuckDuckGo. DuckDuckGo has been around for some time, but in a year where Internet privacy issues have become routine headlines, the service provider has attracted considerably more attention. In addition to privacy, many users also prefer its simplified search engine.


The Onion Router Network, or “Tor”


Though not the simplest application from a how-it-works perspective, Tor has come a long way in terms of user friendliness. Originally a research project headed by the U.S. Navy, Tor is now a downloadable Internet browser package that requires no more technical competence to use than Internet Explorer, Mozilla Firefox, or Google Chrome. As an added perk, Tor also ensures complete Internet anonymity – see more about Tor here.


Bottom Line – Security Should Be Simple


The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.


–Eric Schmidt, Executive Chairman of Google



Even if there were no malware and if online crime did not exist, the Internet would still be one of the most complicated creations you deal with on a daily basis. Having to think (and worry) about Internet security every time you go on the web does not help this situation at all. Furthermore, if the Internet is part of your daily workflow, you have probably at some point or another realized just how difficult it is to remain paranoid and efficient at the exact same time.


Security in all realms does its job best when you don’t even know it’s doing it. This is not to say that quality security systems let the bad guys through, but rather that quality security systems take care of the bad guys quietly, so as not to disturb the peace of mind of the individuals they are protecting. Life – and especially digital life – is complicated enough. Security solutions – and especially digital security solutions – should not be.


The tools and tips outlined above are a good place to start for anyone looking to untie what may be an overly tangled, insecure experience with the web. As new technologies emerge, be they malicious or legitimate, one of the most potent protective measures any web user can take is to remain ever-selective about which technologies they interact with, which ones they share information with, and, ultimately, which ones they allow to access their life through their computer.


If you’re reading this article, chances are good that you’ve already let Emsisoft into your life – so thanks! We hope you like our new, simple software and our new, simple shield. Despite the facelift (and the improved performance), we’re still the same company at heart, and as long as you’re using us we’ll continue to keep your web experience safe, simple, and secure.


As for newcomers – well, if you’ve read this far, then you’re already on the right track: research everything before putting it on your PC. That includes your antivirus, and by extension that also includes Emsisoft! For more about our company, our software, and our vision of a Malware-Free World, look no further than our recently revamped About page, Who is Emsisoft?


 


Have a Great (Malware-Free) Day!




Wednesday, November 5, 2014

Warning: Over 130,000 PCs infected by unimpressive Rovnix Trojan

As of late, the info-sec headlines have been dominated by zero days, data breaches and ransomware – both PC-based and mobile. This doesn’t mean that more traditional threats have fallen into disuse, though, or that they are any less dangerous. In fact, recent reports have indicated a significant spike in Rovnix trojan infections, a malware about which there really isn’t anything special at all.


Independent researchers report that over the last few months, they’ve witnessed approximately 130,000 Rovnix infections on Windows-based PCs, in the UK, Germany, Italy, the US, and Iran. As a trojan spread by email spam, Rovnix is the type of malware that displays annoying/scary symptoms, in an attempt to steal credit card information from infected users. Symptoms can range from pay-per-click pop-up ads, to a faked blue screen of death, to the prototypical ‘Your Computer is Infected’ scareware window. The malware is also designed to offer a solution to all of these problems, in the form of – you guessed it – a fake security product. Users who enter payment information effectively share it with cybercriminals, receiving nothing in return, and participating in what’s pretty much the automated equivalent of the Tech Support Scam.


In all, Rovnix is not particularly inventive, and yet it has still managed to infect a large number of users and prove profitable for the criminals who spread it. Why is this the case? Most likely because outside the world of info-sec headlines, most people do not even know that threats like Rovnix exist. Cybercriminals leverage this lack of knowledge to make large profits, with little effort, and though it may be blasé to those in the know, malware like Rovnix may actually be the greatest threat to everyday Internet users around the world.


With un-inventive threats like Rovnix, prevention doesn’t necessarily hinge on anti-malware being able to detect it – it hinges on user awareness. To help stop such threats, let your friends know: The Internet is a Dangerous Place! Once they realize what they are actually dealing with every time they go online, they may be interested to know that Emsisoft handles 300,000 new threats like Rovnix every single day, and that independent tests confirm that Emsisoft Anti-Malware is one of the few security products available that can block absolutely everything.


Have a great (malware-free) day!


For more on Rovnix, see this recent article from TechWorld.


Anyone who thinks they may be infected by Rovnix should contact Emsisoft Support.


 




Saturday, November 1, 2014

Small business owners beware, phone system hacks can cost you

 


Anyone already running an anti-malware is well aware of the risks of running a business with, and through, computers. But what about your phone system? A recent article from The New York Times has exposed an old scam made new by Internet-connected calling systems, and it cost small businesses around the world $4.73 billion last year alone. “Phone hacking,” as it’s called, involves cybercriminals leasing premium rate phone numbers and getting as many people to call in as they can. Each call earns the crooks a small commission, whether it’s from a real human or not, and so to maximize earnings organized criminals hack into small businesses’ phone systems. Once access is obtained, the phones – which in many office environments now perform calling through a high-speed Internet connection – can be commanded to call the criminals’ premium rate lines, at the victims’ expense. To avoid detection, criminals will typically target businesses during off-hours, such as nights and weekends.


What makes this a concern for small business owners in particular is that many local carriers providing Internet-based phone services are not required by law to offer anti-fraud protection. This means that if their customers get hacked, their customers have to foot the bill – which can be as much as $200,000 from just one weekend of fraudulent activity.


How can you stay protected? Experts currently recommend turning off automated call forwarding if possible and adopting the use of strong passwords for both voicemail access and for placing international calls. Adopting an active awareness of all the ways your business can be breached – beyond just malware – helps too. For more on this topic, we recommend Emsisoft’s Hacking Identity Theft I and II.


 


For the original story, see Phone Hackers Dial and Redial to Steal Billions.


Have a great (fraud-free) day!




Friday, October 31, 2014

Warning: All unpatched Drupal 7 sites assumed to be compromised

Attention Drupal users: Drupal has published a Highly Critical Security Advisory.


If you use Drupal 7 to manage your website and you did not update to version 7.32 within a few hours of the latest Drupal vulnerability disclosure on October 15th, you should assume your website has been compromised by hackers and take immediate action. If you have not yet updated to v7.32, applying the update now will not guarantee that attackers haven’t installed a backdoor in your website. Furthermore, if the update has been applied – and your website administrator was not the one who applied it – this may actually indicate compromise, as hackers will do this to prevent their competition from compromising your site as well.


For comprehensive protection, Drupal recommends recovering your website from backups or rebuilding it entirely, as soon as possible. Step-by-step instructions can be found here.


More information on this threat


In the hours that followed Drupal’s October 15th vulnerability disclosure, hackers launched an automated attack that scanned the web for Drupal 7 sites that had not yet applied the patch. When a website was found, attackers would then install a backdoor to allow for future, remote access. Backdoor access to a website not only compromises administrator and user information, but it can also be sold for the purposes of hosting illegal content and spreading malware. Approximately 1.1 million people currently use Drupal to develop and manage hundreds of thousands of websites.


More general information on what to do if your Drupal site is hacked can be found here.


Have a nice (malware-free) day!


 




Wednesday, October 29, 2014

Using Gmail Drafts to… Command and Control your Computer?

For those who (over) think before they email, the Drafts folder can be both a blessing and a curse. Anyone who has ever accidentally sent an unfinished draft to a coworker, new contact, or friend will probably even go one further: unfinished drafts that reveal what you’re thinking before the thought is polished and ready to be sent can be embarrassing and unprofessional. Thanks to the unending nefariousness of malware writers, the email drafts folder can now also be considered dangerous.


Researchers have uncovered a variant of the Icoscript RAT that uses Gmail draft folders to issue commands to and collect data from infected computers. Many types of malware do this latter part – that is, connect to a “command and control” server, to provide updates and steal information – but the use of draft emails to make this happen adds a new layer of stealth to the process.


According to reports, attackers are able to pull this off because they can use the remote access trojan to open an invisible instance of Internet Explorer on the infected computer. Windows is built to allow programs to do this, to perform behind the scenes information gathering. With Icoscript, attackers are leveraging this capability to log into an anonymous Gmail account and issue C&C commands through an unsent draft. Conversely, the malware is also designed to place stolen data in drafts for cybercriminals to collect. In effect, attackers have created a malware communication channel, with a trusted program, where nothing is ever actually sent. This makes the malware much harder to detect than programs that perform C&C communication through other protocols, on many of which strange activity will be detected by anti-malware.


Those who have discovered this clever little draft trick – that’s also sometimes used by people who have affairs to exchange messages on a shared email – stress that “there’s no easy way to detect its surreptitious data theft without blocking Gmail altogether.” For end users, this means that protection hinges on prevention. Icoscript may be good at hiding itself, but it still has to work its way onto your machine. If you’re using an anti-malware that processes roughly 225,000 new malware samples every single day, and you’re well-versed in all the ways cybercriminals use to trick people into installing their creations, it is very unlikely that this will occur.


You will still need to be careful about spilling your heart out in an email draft, though ;)


Have a nice (malware-free) day!


For more information on Icoscript’s use of Gmail Drafts, see this article from Wired.

For a technical analysis, see Icoscript: using webmail to control malware by Paul Rascagnères.


 


 




Banking Trojan Alert: MS Word macros spreading Dridex

Within the last week, there have been a number of reports indicating an ongoing Dridex spam campaign primarily targeting people who bank in the United States and the UK. Like most banking trojan spam, the attack utilizes a malicious attachment; however, in a shift of strategy, Dridex’s distributors are now using Microsoft Word documents containing VBA macros to serve the malware and infect their victims.


What is a banking trojan?


The Dridex banking trojan is the type of malware that’s designed to steal your banking credentials, so that they can be used to log into your account and transfer your funds to criminals. Dridex essentially does this by ‘grabbing’ information you submit to certain websites. These websites are pre-specified by attackers, and they typically include those of popular banks. In any given distribution campaign – where a banking trojan is for example included in a malicious attachment and spammed to thousands of email addresses – these banking websites will vary, depending on the country in which the majority of targets reside.


How do you get Dridex?


This latest campaign began one week ago, when independent researchers noticed a number of fake Microsoft Word invoices, containing malicious VBA macros. These macros are small programs that instruct your computer to download Dridex from a legitimate website that has been compromised by the attackers. Once Dridex is installed, it can harvest credentials from any type of website you log into; however, in practice, banking credentials are most often collected.


How can I keep Dridex off my computer?


The first wave of this latest Dridex campaign saw a large amount of emails containing a fake MS Word invoice from Humber Merchants. This invoice had the file name 15040BII3646501.doc, and its macro downloaded Dridex from http://gpsbah[.]com/images/1[.]exe. To date, Emsisoft Anti-Malware is one of only a few products that prevents this variant of Dridex from executing.


For additional protection, users can also disable Microsoft Word macros, as this type of attack is relatively common and about a decade old. For MS Word 2013:


  1. Open Word, click File, then click the Options tab

  2. Click the Trust Center tab, then click the Trust Center Settings button

  3. Click the Macro Settings tab, select the desired Disable all macros option, and click OK.

As always, caution when handling unsolicited emails with attachments and links can help prevent infection too.
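As an added example that is not part of the original post and not Emsisoft’s code, the following Python heuristic flags Word attachments that carry a VBA project, the way the macro-laden invoice in this campaign did, so a mail gateway or responder can quarantine them before a user opens them. It assumes only standard file-format facts (legacy .doc files are OLE2 compound documents whose directory stores stream names as UTF-16LE and gains a "_VBA_PROJECT" stream and "Macros" storage when macros exist; .docm files are zip containers holding "word/vbaProject.bin"), and every sample input is constructed.

```python
"""Heuristic triage of Word attachments for embedded VBA macros.

Added example, not code from Emsisoft or the original post. VBA source is
stored compressed inside the document, so this only detects that a macro
project exists; it does not read or judge the macro code itself.
"""
from typing import Dict, List

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # first 8 bytes of any OLE2 file
ZIP_MAGIC = b"PK\x03\x04"                       # .docx/.docm are zip containers

# Directory-entry names that only exist when a VBA project is present,
# encoded as the OLE directory stores them (UTF-16LE).
OLE_VBA_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]
# Zip local-file headers store member names as plain bytes.
OOXML_VBA_MARKER = b"word/vbaProject.bin"
WORD_EXTENSIONS = (".doc", ".docx", ".docm")


def detect_container(data: bytes) -> str:
    """Identify the container from its leading magic bytes, never from the name."""
    if data.startswith(OLE_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> Dict[str, object]:
    """Return a verdict: container type, VBA markers found, and suggested action."""
    container = detect_container(data)
    markers: List[str] = []
    if container == "ole2":
        markers = [m.decode("utf-16-le") for m in OLE_VBA_MARKERS if m in data]
    elif container == "ooxml-zip" and OOXML_VBA_MARKER in data:
        markers = [OOXML_VBA_MARKER.decode()]

    if markers:
        action = "quarantine"   # macro project present: treat like the Dridex invoice
    elif container == "unknown" and filename.lower().endswith(WORD_EXTENSIONS):
        action = "review"       # claims to be a Word file but is neither OLE2 nor zip
    else:
        action = "allow"
    return {"filename": filename, "container": container,
            "has_vba": bool(markers), "markers": markers, "action": action}


def triage(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Map each attachment name to the action the gateway should take."""
    return {name: str(classify_attachment(name, data)["action"])
            for name, data in samples.items()}


def build_fake_ole(with_vba: bool) -> bytes:
    """Constructed input: an OLE2 header sector plus directory-entry names laid
    out the way Word stores them. Not a real document, only enough for the check."""
    body = OLE_MAGIC + b"\x00" * 504                     # 512-byte header sector
    body += "Root Entry".encode("utf-16-le") + b"\x00" * 108
    if with_vba:
        body += "Macros".encode("utf-16-le") + b"\x00" * 116
        body += "_VBA_PROJECT".encode("utf-16-le") + b"\x00" * 104
    return body


# Constructed sample attachments (not real captures).
SAMPLES: Dict[str, bytes] = {
    "invoice.doc": build_fake_ole(with_vba=True),        # shaped like the macro-laden invoice
    "report.doc": build_fake_ole(with_vba=False),
    "brochure.docm": ZIP_MAGIC + b"\x00" * 26 + OOXML_VBA_MARKER,
    "notes.doc": b"{\\rtf1 plain rtf renamed to .doc}",  # extension lies about the container
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(classify_attachment(name, data))
```

A file that reaches "review" is not necessarily malicious, but a mismatch between the extension and the real container is exactly what an analyst should look at next.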


What should I do if I have a banking trojan infection?


If you think you may have become infected by Dridex, DO NOT log into any account – financial or otherwise – via the compromised computer. For assistance, contact our experts at Emsisoft Support as soon as possible. Malware removal is always free, even if you aren’t an Emsisoft customer yet.


Have a great (Dridex-free) day!


For more information on Dridex, see this article from Palo Alto Networks.


 


 


