BIOLOAD Removal Guide

Do you know what BIOLOAD is?

BIOLOAD is believed to be one of the newest malicious applications created by cybercriminals known as FIN7. Cybersecurity specialists say that this Trojan could be targeted at banking institutions and POS (Point of Sale) systems. As you see, FIN7 is a financially-motivated group of hackers, which means they are mostly after their victims’ money. No doubt, successful attacks on banking institutions and POS systems makes it worth their while. If you want to know how this sophisticated threat works and how it might get in, we encourage you to read the rest of this report. Also, we invite you to have a look at the removal guide available below that shows how one could delete BIOLOAD manually. However, we do not recommend using these instructions if you come across this malware. It is safest to delete such Trojans with reputable antimalware tools or with the help of professional cybersecurity experts.

Specialists say that BIOLOAD abuses a specific Windows process during which the operating system looks for a required DLL file and loads it into a specific program. To be more precise, the Trojan abuses this behavior to make a system load a malicious DLL file that is the threat’s launcher in disguise. This fake DLL file should be called WinBio.dll, while the original DLL’s title is winbio.dll. Also, the malware drops the malicious DLL in the same directory titled WinBioPlugins where the original winbio.dll should be. Since the malicious file uses capital letters, it should be higher on the list of files available in the WinBioPlugins folder and so when looking for winbio.dll the infected system should find WinBio.dll first, and launch it instead.

It is vital to stress that to implant the fake DLL file that we just described, the BIOLOAD creators would need either administrator access or a system account. Meaning, hackers behind this threat would need to obtain login credentials that would allow them to access targeted systems as administrators before their attacks. Thus, companies that want to avoid such Trojans have to make sure that their employees use unique and strong passwords as well as do not accidentally reveal such information. To ensure this, we recommend educating employees on cyber security so they would know how to identify and avoid attacks and scams. Of course, there are weaknesses that can be pointed out only by cybersecurity specialists. Consequently, to make sure that no one could hack into your systems you should employ specialists who could detect and help you remove the possible vulnerabilities of your system.

If BIOLOAD gets in, it might drop another malicious application titled Carbanak. It is a backdoor infection that can spy on an infected machine and gather various sensitive information that might be later used to hack into e-payment systems or other systems of a targeted company. The malware is capable of even more as it can perform various commands, such as erase data, reboot a system, download file, and other actions that may help attacks to perform a successful attack. For example, in 2013 Carbanak was used to spy on infected devices and collect information that would allow hackers access targeted systems same way as the targeted companies’ employees would. Knowing this, it is best to eliminate Carbanak before it manages to do anything. Of course, you should delete BIOLOAD too.

The removal guide placed below shows how to erase one of these threats. Besides, the task could be too challenging, which is why we advise using a reputable antimalware tool instead that could eliminate BIOLOAD and Carbanak too.


  1. Restart the computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to: %WINDIR%\System32\WinBioPlugIns
  4. Find a DLL file called WinBio.dll.
  5. Make sure that WinBio.dll is a malicious file, for example, by scanning it with a reputable antimalware tool.
  6. Right-click the malicious DLL file and select Delete.
  7. Close File Explorer.
  8. Empty Recycle Bin.
  9. Check your computer with a legitimate antimalware tool.
  10. Restart your computer.

In non-techie terms:

BIOLOAD is a sophisticated Trojan infection that might be used to attack banking institutions and POS systems. Cybersecurity specialists believe the malware belongs to a hacking group known as FIN7 because the malicious application seems to be very similar to the other threats created by the same cybercriminals. Also, it appears that BIOLOAD carries another infection known as Carbanak and drops it on its infected systems soon after entering them. Carbanak is the same malicious application that allowed hackers to steal around 1 billion US dollars from a hundred of different financial institutions and e-payment systems in 2013. Thus, cybercriminals are probably hoping this malware will help them steal a lot of money again. Naturally, if you do not want to be their next victim, you should do all that you can to protect your system and erase it at once if you notice it on your devices. As said above, our provided removal guide shows how one could delete BIOLOAD manually, but it would better to use a reliable antimalware tool instead that could take care of other possible threats too.