Trojan:Win32/Dridex.NA!MTB removal instructions

Trojan:Win32/Dridex.NA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Dridex.NA!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan:Win32/Dridex.NA!MTB?

File Info:

crc32: E472DA95
md5: 1082785e3304ebb4bdd4add5623fb35e
name: 1082785E3304EBB4BDD4ADD5623FB35E.mlw
sha1: b9c461bae25cc7ce131350d9a5a0b433b5daed27
sha256: 577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
sha512: 16436efc6aa97769f3e4290387172a902e08af3eb98272517ff73de4938533af0352a4d1dc034ec43ab7291c0beca968b08023fb2b6d927d496644d6282ee01d
ssdeep: 12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWj:pjOMtd1a/yl3KOje
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997-2017 Simon Tatham.
InternalName: PSFTP
FileVersion: Release 0.68
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.68
FileDescription: Command-line interactive SFTP client
OriginalFilename: PSFTP
Translation: 0x0809 0x04b0

Trojan:Win32/Dridex.NA!MTB is also known as:

K7AntiVirus: Trojan ( 005746321 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Banker1.36839
CAT-QuickHeal: Backdoor.Konus
ALYac: Trojan.Mint.Zamg.O
Cylance: Unsafe
Zillya: Trojan.Qshell.Win32.5
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 005746321 )
Cybereason: malicious.e3304e
Cyren: W32/Trojan.SNHH-0017
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHYV
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: VHO:Backdoor.Win32.Androm.gen
BitDefender: Trojan.Mint.Zamg.O
NANO-Antivirus: Trojan.Win32.Qshell.idhocd
MicroWorld-eScan: Trojan.Mint.Zamg.O
Tencent: Malware.Win32.Gencirc.10ceac0b
Ad-Aware: Trojan.Mint.Zamg.O
Sophos: ML/PE-A + Mal/EncPk-APV
BitDefenderTheta: Gen:NN.ZexaF.34126.Jy1@aeoJo!hi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hh
FireEye: Generic.mg.1082785e3304ebb4
Emsisoft: Trojan.Mint.Zamg.O (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Qshell.id
Avira: TR/Crypt.Agent.mfbto
Antiy-AVL: Trojan/Generic.ASMalwS.3107576
Microsoft: Trojan:Win32/Dridex.NA!MTB
GData: Trojan.Mint.Zamg.O
TACHYON: Backdoor/W32.Androm.579594
AhnLab-V3: Trojan/Win.Dridex.R432381
Acronis: suspicious
McAfee: GenericRXPM-KH!1082785E3304
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Jorik
Malwarebytes: Trojan.MalPack.VAK
Panda: Trj/GdSda.A
Rising: Trojan.Generic@ML.87 (RDML:L0WEhjKO5u1x5cRjbyJAow)
Fortinet: W32/Kryptik.HIJR!tr
AVG: Win32:PWSX-gen [Trj]

How to remove Trojan:Win32/Dridex.NA!MTB?

Trojan:Win32/Dridex.NA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
