- Slow computer
- Connects to the internet without permission
- Installs itself without permission
- Can't be uninstalled via Control Panel
L0rdix is a fairly unusual infection in that it was built to mine crypto-currency and to steal data at the same time. Each of those activities on its own can be linked to hundreds of malicious programs, but according to our research team there are not many threats that do both. It targets Windows systems, and because its code is obfuscated and it actively tries to evade analysis, it may get onto machines that already have anti-malware software installed. Needless to say, that makes it particularly dangerous. That being said, the situation is not hopeless, and Windows users can definitely take action to keep this devious Trojan out. First and foremost, it is crucial to rethink cyber security. Is the anti-malware tool installed on your system reliable and up to date? If you doubt it, replace it with one that provides full-time protection, so that you never need to remove L0rdix in the first place. Of course, if you discover that the threat is already present, we have a few tips for you.
At the time of research, L0rdix was being sold on underground hacker forums, which means that many different variants of this malware could exist and that the people operating it could use it in all kinds of ways. Some attackers could use the Trojan against specific companies and institutions, while others might go after regular Windows users. L0rdix is a 32-bit .NET application obfuscated with ConfuserEx, a well-known open-source obfuscator for .NET, which makes its code much harder to read in a decompiler. Although each buyer could modify the code, the main functionality we observed starts with evading analysis: the Trojan checks for the presence of analysis tools so that it can avoid being examined. It also collects information about the infected computer, including hardware, operating system, and installed antivirus products, and it can capture screenshots; all of this is sent to a remote command-and-control (C&C) server, with the data encrypted using AES. Once this basic profile has been uploaded, the C&C server can send commands that make L0rdix download, execute, and delete files, create and kill processes, open URLs, and even take part in DDoS attacks.
There is no doubt that stealing information is one of L0rdix's most important tasks. According to our research team, the Trojan extracts data stored by the Amigo, Chrome, Comodo, Kometa, Opera, Orbitum, and Torch web browsers, including saved login credentials (usernames and passwords) and cookies, which can carry session tokens and other sensitive information. Besides private data, L0rdix also goes after crypto-currency wallets, including Bitcoin, Doge, Ethereum, Litecoin, Monero, and Ripple. Speaking of crypto-currency, we must not forget that the Trojan has mining capabilities as well. A miner is a program that performs the repetitive hash computations through which crypto-currency networks reward participants with new coins; to do that it consumes as much CPU time as it can get, which in most cases is felt by the user of the machine: the computer slows down, freezes, and may even crash. In the sample we analyzed, the mining code was run inside a legitimate process: the Trojan used the Windows program attrib.exe (%WINDIR%\System32\attrib.exe) as the host for mining, so the CPU load shows up under the name of a trusted system binary rather than a separate, obviously malicious process.
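As an added example (this is not code from the original article or from L0rdix itself), the following PowerShell script looks for the behaviour just described: an attrib.exe that is acting as a miner host. A genuine attrib.exe is a short-lived command-line tool, so an instance that has been alive for minutes, has accumulated CPU time, holds outbound TCP connections, or was started by something other than a shell is out of character. It assumes an elevated PowerShell on Windows 10 or later; the thresholds and the list of expected parent processes are assumptions of this example, not values from the article.

```powershell
# Added example (not from the original article): flag attrib.exe instances that
# behave like a miner host. Legitimate attrib.exe is a short-lived command-line
# tool, so long life, accumulated CPU time, network connections or an unusual
# parent are all out of character. Assumes an elevated PowerShell on Windows 10
# or later; the thresholds and the expected-parent list are assumptions.

$attribPath     = Join-Path $env:windir 'System32\attrib.exe'
$minRunSeconds  = 60
$minCpuSeconds  = 30
$expectedParent = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'explorer.exe')

$findings = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'attrib.exe'") {
    $proc   = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    if (-not $proc) { continue }                                  # already gone
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $conns  = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
              Where-Object { $_.State -eq 'Established' }
    $reasons = @()

    # Injected miner code leaves the on-disk path legitimate, so the path check
    # only catches a copied attrib.exe; the behavioural checks do the real work.
    if ($p.ExecutablePath -and $p.ExecutablePath -ne $attribPath) {
        $reasons += "runs from $($p.ExecutablePath)"
    }
    if ($p.CreationDate) {
        $age = ((Get-Date) - $p.CreationDate).TotalSeconds
        if ($age -gt $minRunSeconds) { $reasons += ('alive for {0:N0} s' -f $age) }
    }
    if ($proc.CPU -gt $minCpuSeconds) { $reasons += ('{0:N0} s of CPU time' -f $proc.CPU) }
    if ($conns) {
        $peers = ($conns | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ', '
        $reasons += "established TCP to $peers"
    }
    if ($parent -and $parent.Name -notin $expectedParent) {
        $reasons += "spawned by $($parent.Name) (PID $($parent.ProcessId))"
    }

    if ($reasons) {
        [pscustomobject]@{
            PID         = $p.ProcessId
            Parent      = if ($parent) { $parent.Name } else { '<exited>' }
            CommandLine = $p.CommandLine
            Reasons     = $reasons -join '; '
        }
    }
}

if ($findings) { $findings | Format-Table -Wrap -AutoSize }
else           { 'No suspicious attrib.exe instances found.' }
```

Run it from an elevated prompt, since a miner started by a scheduled task may belong to another user. Parent-process lookups are only reliable while the parent is still alive, because Windows reuses PIDs. Once a PID is confirmed, `Stop-Process -Id <pid> -Force` ends the miner, but whatever persistence restarts it still has to be removed or it will simply come back.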
It is hard to give a single removal recipe for L0rdix because this malware exists in many variants, and they may all behave differently. The sample we tested created malicious files in the directories listed in the manual removal guide below and registered scheduled tasks to keep itself running. Unfortunately, both the file names and the task names were random, so detecting and deleting L0rdix by hand can be very complicated. Of course, manual removal is optional, and users can always rely on anti-malware software, which is designed to find and delete all malware components. However, remember that this devious Trojan might be capable of circumventing detection, which means that the software you install must be top-notch and kept current. The best part about anti-malware software is that once it has deleted the existing threats, it can keep the operating system protected in the future. You just have to make sure that the tool stays up to date. The same goes for operating system and application updates: do NOT skip them, because that is how the vulnerabilities that malware exploits get patched.
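Because the task and file names are random, searching for a known name will not work. As an added example (not from the original article), this PowerShell script instead enumerates every enabled scheduled task and flags those whose action launches something from a user-writable directory or whose name looks machine-generated. It assumes Windows 8 / Server 2012 or later (the ScheduledTasks module) and an elevated prompt; the directory list and the random-name heuristic are assumptions of this example and will produce some false positives, so treat the output as a triage list, not a verdict.

```powershell
# Added example (not from the original article): triage scheduled tasks for
# L0rdix-style persistence, i.e. randomly named tasks whose action launches
# something from a user-writable directory. Assumes Windows 8 / Server 2012 or
# later and an elevated prompt so that every user's tasks are visible.

function Test-RandomLookingName {
    param([string]$Name)
    # Heuristic (an assumption of this example): generated names are 8+ purely
    # alphanumeric characters that are nearly vowel-free or mix digits into letters.
    if ($Name -notmatch '^[A-Za-z0-9]{8,}$') { return $false }
    $vowelRatio   = [regex]::Matches($Name, '[aeiouAEIOU]').Count / $Name.Length
    $digitsInside = $Name -match '[A-Za-z][0-9]+[A-Za-z]'
    return ($vowelRatio -lt 0.2 -or $digitsInside)
}

# Locations a non-admin user (or malware running as one) can write to.
$userWritable = @(
    (Join-Path $env:SystemDrive 'Users'),   # every profile's AppData, Temp, Downloads...
    $env:ProgramData,
    (Join-Path $env:windir 'Temp')
) | ForEach-Object { $_.TrimEnd('\') }

$report = foreach ($t in Get-ScheduledTask) {
    if ($t.State -eq 'Disabled') { continue }
    foreach ($a in $t.Actions) {
        if (-not $a.Execute) { continue }          # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($a.Execute).Trim('"', ' ')
        $reasons = @()

        $hit = $userWritable |
               Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) } |
               Select-Object -First 1
        if ($hit) { $reasons += "runs from $hit" }
        if (Test-RandomLookingName $t.TaskName) { $reasons += 'random-looking task name' }

        if ($reasons) {
            $info = $t | Get-ScheduledTaskInfo
            [pscustomobject]@{
                Task      = $t.TaskPath + $t.TaskName
                Author    = $t.Author
                RunAs     = $t.Principal.UserId
                Execute   = $exe
                Arguments = $a.Arguments
                LastRun   = $info.LastRunTime
                Reasons   = $reasons -join '; '
            }
        }
    }
}

if ($report) { $report | Sort-Object Task | Format-Table -Wrap -AutoSize }
else         { 'No scheduled task matched the heuristics.' }
```

Expect legitimate entries in the list too (several vendors update from ProgramData or a user's AppData), so check the Author, the executable's signature, and what the referenced file actually is before acting. For a confirmed hit, `Unregister-ScheduledTask -TaskName <name> -TaskPath <path> -Confirm:$false` removes the task; delete the file it pointed at as well, otherwise another variant of the persistence can simply re-create the task.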