Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Slow internet connection
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Trickbot Virus

Trickbot Virus is a Trojan-type malicious application that can enter your computer secretly and inject its malicious script (webinjects) into Australian banking websites. Without a doubt, you must remove this malicious application if your PC happens to become infected with it, because this malware can extract your login and password and steal your money. Before we get into the details surrounding this infection, we would like to note that it is not by any means a unique application. It is very similar to Dyre (also known as Dyreza), a previously released banking Trojan that made its developers more than 10 million dollars but also got them arrested by Russian authorities. To learn more about Trickbot Virus, we invite you to read this short description.

To our knowledge, this malicious application is distributed like your average ransomware. Email spam is used to distribute the dropper file that is attached to a malicious email. This email can be disguised as a tax return form, receipt or something of this nature. The malicious email is supposed to give you the illusion that it is legitimate and when you try to open its file attachment, it will run a malicious script and drop Trickbot Virus onto your computer. Furthermore, this Trojan may be distributed using websites that host downloads of pirated software. It is likely that it is attached to the zipped software installer or is embedded in a fake keygen application. Whatever the case may be, this application is designed to infect a computer in a clandestine manner.

Our research has shown that Trickbot Virus is designed to drop itself in %APPDATA% and delete the original sample. The name of its main executable file should be trick.exe, but that may not always be the case. It is also set to drop several additional helper files named client_id and group_tag. These two files are generated locally and are used to identify the individual bot and its campaign. Research has shown that the contents of these files are not encrypted and feature text written in Unicode. Once those two files are in place, this Trojan will connect to its Command and Control server and download a file named config.conf. After that, the Trojan will create a folder named Modules and download encrypted files named injectDll32 and systeminfo32. Once all files are in place, this malicious application will run and connect to the myexternalip.com server to get the visible IP address.

Trickbot Virus was written in C++, and its primary purpose is to encrypt the files of the infected computer. While researching this infection, we found that it uses the Microsoft CryptoAPI algorithm. It executes COM and TaskScheduler commands to keep the infected computer under control. In short, this malicious infection is designed to encrypt the files stored on the infected computer and probably demand that the user pay a ransom. We have found that this Trojan targets cibconline.cibc.com, anz.com, banking.westpac.com.au, ib.nab.com.au, and ibanking.stgeorge.com.au. All things considered, you should get rid of this Trojan from your computer as soon as possible.

In summary, Trickbot Virus is an application that targets banking websites and replaces them with a copy of its own making. Its purpose is to extract money from the users of the infected computer, and if your PC has been infected with Trickbot Virus, then we recommend that you remove it from your PC as soon as possible. You can use the removal instructions below or have our recommended antimalware tool SpyHunter delete it for you. Regardless of the method you choose, this program is highly malicious and should be dealt with as soon as possible.

How to delete Trickbot Virus

  1. Press Windows+E keys.
  2. Enter C:\Users\user\AppData\Roaming in the File Explorer’s address box and hit Enter.
  3. Find 6a7577ce0970dcbacd2009d632ce10ef3ceea784cd92f8bc9f2829bb2601a57a.exe
  4. Right-click it and click Delete.
  5. Enter %WINDIR%\System32\config\systemprofile\AppData\Roaming
  6. Find trick.exe (but the name can be random), client_id, config.conf, and group_tag
  7. Right-click them and click Delete.
  8. Then, go to C:\Windows\System32\config\systemprofile\AppData\Roaming
  9. Find the Modules folder and delete it.
  10. Finally, go to C:\Windows\System32\Tasks
  11. Find the filename Bot and delete it.
  12. Empty the Recycle Bin.
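
Before deleting anything by hand, the locations named in the steps above can be checked in one pass. The script below is an added example, not part of the original guide or any vendor tool: it only reports what it finds, and it assumes the "Unicode" text in client_id and group_tag is UTF-16LE. Run it from an elevated prompt so the systemprofile folder is readable, or point `scan` at the same folders inside a mounted disk image.

```python
import os
from pathlib import Path

# Names taken from the description and removal steps above.
MARKERS = ("client_id", "group_tag", "config.conf")
MODULES = ("injectDll32", "systeminfo32")
KNOWN_EXES = ("trick.exe",)

def read_id(path):
    """Decode a marker file. UTF-16LE is an assumption for 'Unicode' text."""
    raw = path.read_bytes()
    try:
        return raw.decode("utf-16-le").strip("\ufeff\x00\r\n ")
    except UnicodeDecodeError:
        return raw.hex()

def scan(roaming_dirs, tasks_dir):
    """Return (kind, path, detail) findings. Read-only: nothing is deleted."""
    findings = []
    for d in (Path(p) for p in roaming_dirs if p):
        if not d.is_dir():
            continue
        present = [m for m in MARKERS if (d / m).is_file()]
        for m in present:
            detail = "" if m == "config.conf" else read_id(d / m)
            findings.append(("marker", str(d / m), detail))
        # The executable name can be random, so when marker files are present
        # every .exe beside them is listed for review, not only trick.exe.
        for f in sorted(d.iterdir()):
            if f.is_file() and f.suffix.lower() == ".exe":
                if present or f.name.lower() in KNOWN_EXES:
                    findings.append(("executable", str(f), ""))
        mod_dir = d / "Modules"
        if mod_dir.is_dir():
            hits = sorted(p.name for p in mod_dir.iterdir() if p.name in MODULES)
            findings.append(("modules", str(mod_dir), ",".join(hits)))
    task = Path(tasks_dir) / "Bot"
    if task.is_file():
        findings.append(("task", str(task), ""))
    return findings

if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    profile = os.path.join(windir, "System32", "config", "systemprofile",
                           "AppData", "Roaming")
    dirs = [os.environ.get("APPDATA", ""), profile]
    for kind, path, detail in scan(dirs, os.path.join(windir, "System32", "Tasks")):
        print(f"{kind:<11}{path}  {detail}")
```

The decoded client_id and group_tag values are worth recording before cleanup, since they identify the bot and its campaign.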