DanaBot

DanaBot appears to be a newly developed banking Trojan that is targeted mostly at users living in Australia. Our researchers report the malicious program could cause a lot of trouble since it was programmed to collect information related to the victim’s banking account or other sensitive data. Therefore, if you live where the malware is currently being distributed, we would advise you to be extra careful. Of course, to understand how to protect your system from such a threat one needs to know how it is being distributed. To learn how DanaBot could enter the computer and how it might work or what troubles it could cause, you should continue reading our article. At the end of it, we will place instructions prepared to explain to users how to get rid of this Trojan manually. Needless to say, if the task looks complicated and you doubt you can manage it might be easier to download a reliable antimalware tool.

To start with, it was confirmed DanaBot might be traveling via emails containing malicious URL addresses. Meaning, clicking on the harmful links sent by the malware’s creators may start the Trojan’s downloading. Such emails could claim to be from the user’s bank or other services the user might be using or be anyhow related to. No doubt, to make the emails look legitimate they may imitate the companies’ they are pretending to be style, show their logos, etc. What should raise the suspicion is the email may ask to open invoices or other documents by clicking given links. Thus, if you see an email asking you to interact with any links you should be extra cautious. For starters, we would advise contacting the company requesting it to find out whether it is not a scam. Obviously, one should contact the mentioned company by obtaining contacts from its official site or other trustworthy sources instead of depending on the phone numbers or emails given on the supposedly fake email message. Besides, to make the system less vulnerable to such attacks users could install reputable antimalware tools. To make sure they can detect the potential threats one should always keep the tool activated and up to date.

Unfortunately, if the user clicks on the malicious link, the Trojan might settle in in a couple of minutes without the user even realizing it. At first, it could drop its installer in the Downloads, Desktop, or Temporary files directories. For example, it might be a randomly named text document. What’s more, our researchers learned the malware may create a randomly titled folder and a DLL file as well (both of them should be placed in the %ALLUSERSPROFILE% directory). After settling in, DanaBot may hide in the background and steal various sensitive information. According to specialists, the cybercriminals may try to collect data that they could monetize later on instead of asking users to pay a ransom. In case, the malicious program manages to obtain the user’s login information, the hackers behind it may also steal various accounts. One way or the other its appearance on the system could cause multiple troubles depending on the data that gets taken. No doubt, DanaBot might be able to obtain a lot of sensitive data if it stays for long, which is why it is so important to erase it the moment you realize it infected the system.

There are two ways to get rid of the malicious program. It seems to us given the threat is still somewhat new and might be updated, it would be smartest to remove it with a reliable antimalware tool. In such case, the chosen tool may detect the files belonging to DanaBot automatically, and they could be erased at the same time by pressing the provided deletion button. However, if the user decided to eliminate it manually and it appears to be the malware have created more files than our instructions list it is possible the Trojan could recover or still pose a threat. Still, if you wish to erase the malicious program manually, you should take a look at the instructions located at the end of this article.

Remove DanaBot

1. Open File Explorer (Win+E).
2. Navigate to Desktop, Downloads, or Temporary Files.
3. Look for suspicious documents that could have .exe extensions.
4. Right-click such data and press Delete.
5. Go to %ALLUSERSPROFILE%
6. Find a folder with a random title, for example, E87RL53V.
7. Right-click it and pick Delete.
8. Then look for a DLL file with a random title, for example, 19357276.dll.
9. Right-click it and select Delete.
10. Close the Explorer.
11. Empty Recycle bin.
12. Restart the computer.