Do you know what L0rdix is?
L0rdix is a Trojan designed both for data stealing and cryptocurrency mining. According to our computer security specialists, such a combination is fairly unusual, as most similar malicious applications either steal information or mine cryptocurrency, not both. Thus, the threat might be extremely dangerous, and if you find it on your system, we recommend not wasting any time and erasing L0rdix as soon as possible. The removal guide available below this report will show how you could delete the Trojan manually, but we have to warn you that the instructions may not work for everyone. That is because there are very likely many different versions of the malware, so it might be safest to get rid of it with a reputable antimalware tool. For more information on this threat, we encourage you to read the rest of our text.
Since L0rdix is being sold on underground hacker forums, which means it could have many versions, the Trojan could be spread through many different channels. The most popular ways to distribute similar threats are probably infected email attachments, malicious pop-ups or software installers, fake updates, and other data downloaded from the Internet. Usually, it comes from spam emails and untrustworthy file-sharing web pages. Consequently, you should be careful with data from unreliable sources if you do not want to infect your computer accidentally. To identify files that could be malicious software installers, scan questionable data with an antimalware tool of your choice before opening it. Also, keep the chosen security tool up to date so it can detect newer threats too.
L0rdix might settle in by creating files in the %ALLUSERSPROFILE%, %APPDATA%\Microsoft\Network, and %APPDATA%\Microsoft\Windows directories (on current Windows versions %ALLUSERSPROFILE% resolves to C:\ProgramData, which also holds legitimate program data, so do not treat everything in it as malicious). Of course, since there might be many versions of it, the locations and file names could vary, even though our computer security specialists noticed the same pattern in two samples. The first thing it does after installing itself is check whether the computer’s owner is a regular user or a researcher. The Trojan does so by looking for running processes of tools that are popular among researchers. Next, L0rdix gathers information about the infected device and sends it to its remote server. Later, it can also transmit other information or data found on the device to the same server. For example, the threat can steal login credentials from Google Chrome, Opera, and other browsers. Plus, it can take screenshots, download files, and so on.
The connection to the remote server may also allow L0rdix to use the victim’s computer for DDoS attacks, infect it with other threats, load websites, execute CMD commands, and so on. All the cybercriminals need to do is send the Trojan a specific command. Restarting the system does not help, as the malicious application starts again with the operating system, which means the only way to stop it is to eliminate it for good. As explained earlier, you can do this manually with the removal guide available below, although it is advisable to use a reputable antimalware tool instead, since the instructions may not work for everyone.
- Press Windows Key+E.
- Navigate to these locations:
- Look for malicious .exe files called syscall.exe, srcc.exe, and audiohq.exe (names might be random).
- Press Ctrl+Alt+Delete.
- Go to Task Manager.
- Look for processes with the same names (syscall.exe, srcc.exe, and audiohq.exe).
- Right-click these processes and select End Task to kill them.
- Exit Task Manager and go back to the locations listed in the second step.
- Find files named syscall.exe, srcc.exe, and audiohq.exe, or similarly named files, again; right-click them and select Delete.
- Check these locations:
- Search for tasks created by the malware, right-click them and select Delete.
- Close File Explorer.
- Empty Recycle Bin.
- Restart the system.
- Check the computer with an antimalware tool to make sure the Trojan is gone.
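The manual steps above, and the staging directories and reboot persistence described earlier in this report, as a PowerShell script. This is an added example and not the report's own instructions or tooling: the three file names and three directories are the ones the report gives, while the function names, the `-Remove` switch, the assumption that the files sit directly in those directories rather than in subfolders, and the assumption that persistence is a scheduled task whose action launches one of those files are this example's own. Run it from an elevated PowerShell without `-Remove` first: it reports every .exe in the three folders with a SHA-256 hash, and matches processes and task actions by full image path rather than by name, so a renamed copy running from one of those folders is still caught.

```powershell
# Added example, not part of the original report: scripted version of the manual
# removal steps. Indicators (file names, directories) are the ones the report
# gives; everything else (function names, the -Remove switch) is assumed here.
[CmdletBinding()]
param(
    [switch]$Remove   # default is report-only; add -Remove to actually clean up
)

# Names the report saw in its samples; it warns they may be random in others.
$SuspectNames = @('syscall.exe', 'srcc.exe', 'audiohq.exe')
$SuspectDirs  = @(
    $env:ALLUSERSPROFILE,                          # C:\ProgramData on current Windows
    (Join-Path $env:APPDATA 'Microsoft\Network'),
    (Join-Path $env:APPDATA 'Microsoft\Windows')
)

function Find-SuspectFiles {
    # Every .exe directly inside the staging directories (assumption: the samples
    # drop into the directory itself, not a subfolder). Known names are flagged;
    # the rest are reported too so a renamed variant is not silently skipped.
    foreach ($dir in $SuspectDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    KnownName = ($_.Name -in $SuspectNames)
                    Created   = $_.CreationTime
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Find-SuspectProcesses {
    param([string[]]$Paths)
    # Match on the image path rather than the process name: Task Manager shows
    # the name, but a copy renamed to something innocuous would slip past that.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($_.Path -in $Paths) }
}

function Find-SuspectTasks {
    param([string[]]$Paths)
    # The report says the Trojan survives reboot and leaves scheduled tasks;
    # a task is suspect if one of its actions launches a suspect binary.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }    # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if ($exe -in $Paths) {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    TaskPath = $task.TaskPath
                    Execute  = $exe
                }
            }
        }
    }
}

$files = @(Find-SuspectFiles)
$paths = @($files | ForEach-Object Path)
$procs = @(Find-SuspectProcesses -Paths $paths)
$tasks = @(Find-SuspectTasks -Paths $paths)

Write-Host "Executables in staging directories:"
$files | Format-Table Path, KnownName, Created, SHA256 -AutoSize
Write-Host "Running processes launched from them:"
$procs | Format-Table Id, ProcessName, Path -AutoSize
Write-Host "Scheduled tasks that launch them:"
$tasks | Format-Table TaskPath, TaskName, Execute -AutoSize

if ($Remove) {
    # Same order as the manual guide: stop the process, then remove what would
    # restart it, then delete the file. Only files with a known name are deleted;
    # other .exe files in these folders (ProgramData holds legitimate ones) are
    # left for a human decision.
    $known      = @($files | Where-Object KnownName)
    $knownPaths = @($known | ForEach-Object Path)
    $procs | Where-Object { $_.Path -in $knownPaths } | Stop-Process -Force
    $tasks | Where-Object { $_.Execute -in $knownPaths } |
        ForEach-Object { Unregister-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath -Confirm:$false }
    $known | ForEach-Object { Remove-Item -LiteralPath $_.Path -Force }
    Write-Host "Removed $($known.Count) file(s); reboot and run a full antimalware scan."
}
```

The hashes in the report-only run are worth keeping: they let you confirm against an antimalware vendor's detection before deleting anything, and they give you an indicator to search for on other machines. Deliberately, `-Remove` only deletes files whose names match the report's samples; an unfamiliar .exe in C:\ProgramData is reported, not removed, because that folder is used by legitimate software.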
In non-techie terms:
L0rdix can cause a lot of problems if it enters your system. It can steal various information from your browser and even use your device’s resources to mine cryptocurrency. Our researchers also say the malware could use an infected computer to perform so-called DDoS attacks on various systems. Naturally, if you do not want your device to become a tool of cybercriminals and let hackers steal your sensitive information, you should try to avoid the threat and waste no time if you find it on your system. However, removing it from the computer might not be an easy task. Our computer security specialists say it is currently being sold on the dark web, which means there could be many versions of it, and each of them could create different files on the infected device. The instructions above show how to get rid of the version that we tested, so if you receive another variant, they may not work for you. This is why it might be best to use a reputable antimalware tool if you want to erase the Trojan for good.