Monday 26 March 2018, Security Guide

TrickBot virus – theft of cryptocurrencies

Lost24

According to IBM X-Force, the number of attacks using the TrickBot virus has recently increased significantly. TrickBot's main targets are cryptocurrencies and cash funds held in bank accounts.

Infection occurs when an application is installed from a suspicious source or via a link received in an SMS message. The infection connects a number of Internet-connected computers into one network, establishes communication with command and control (C&C) servers, and initiates malicious activity, such as distributed denial-of-service (DDoS) attacks.

The malicious Trojan appears to be capable of extracting login information, which might allow it to hijack online banking accounts. If that is done successfully, the infection can then perform illicit transactions and use the victim’s virtual identity in other malicious ways.

The X-Force research team strongly advises using anti-malware software capable of eliminating malware automatically. However, if you want to delete the virus manually, please use the instructions given below:


1. Hold down Win+E.
2. In File Explorer’s address box, type C:\Users\{User name}\AppData\Roaming and hit Enter.
3. Locate 6a7577ce0970dcbacd2009d632ce10ef3ceea784cd92f8bc9f2829bb2601a57a.exe
4. Right-click it and click Delete.
5. Type %WINDIR%\System32\config\systemprofile\AppData\Roaming and hit Enter.
6. Locate trick.exe, client_id, config.conf, and group_tag
7. Right-click them and click Delete.
8. Go to C:\Windows\System32\Tasks
9. Locate the file named Bot and delete it.
10. Then, go to C:\Windows\System32\config\systemprofile\AppData\Roaming
11. Locate the Modules folder and delete it.
12. Empty the Recycle Bin.
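
Before deleting anything, the locations named in the steps above can be checked in one pass. The PowerShell script below is an added example, not part of the original advisory or any IBM X-Force tooling; it is read-only, assumes user profiles live under C:\Users, and needs an elevated 64-bit PowerShell session.

```powershell
# Read-only triage: lists which artifacts from the removal steps exist; deletes nothing.
# Use an elevated 64-bit PowerShell: a 32-bit host is redirected from System32 to
# SysWOW64, and the systemprofile folder is not readable without administrator rights.
$exeName = '6a7577ce0970dcbacd2009d632ce10ef3ceea784cd92f8bc9f2829bb2601a57a.exe'
$sysRoam = Join-Path $env:WINDIR 'System32\config\systemprofile\AppData\Roaming'
$taskDir = Join-Path $env:WINDIR 'System32\Tasks'

# Steps 2-3: the named executable in every local user's Roaming folder.
# Assumption: profiles are under C:\Users (adjust if they were relocated).
$candidates = @(
    Get-ChildItem -LiteralPath 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName "AppData\Roaming\$exeName" }
)
# Steps 5-6: files in the SYSTEM account's Roaming folder.
foreach ($name in 'trick.exe', 'client_id', 'config.conf', 'group_tag') {
    $candidates += Join-Path $sysRoam $name
}
# Steps 8-9: the scheduled-task definition file named Bot.
$candidates += Join-Path $taskDir 'Bot'
# Steps 10-11: the Modules folder.
$candidates += Join-Path $sysRoam 'Modules'

$findings = foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $item  = Get-Item -LiteralPath $path -Force
    $isDir = $item.PSIsContainer
    $hash  = $null
    if (-not $isDir) {
        # A running sample may hold a lock on its file; leave the hash empty in that case.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
    [pscustomobject]@{
        Path        = $item.FullName
        IsDirectory = $isDir
        CreatedUtc  = $item.CreationTimeUtc
        ModifiedUtc = $item.LastWriteTimeUtc
        SHA256      = $hash
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'None of the artifacts listed in the removal steps were found.'
}
```

Save the output before carrying out the deletions, since the timestamps and hashes cannot be recovered once the files are removed.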