Dridex virus detection

This article will show you how to scan a Windows computer for the Dridex computer virus.

Running the detection tool

The helpful folks over at lexsi.com have developed a Dridex detection tool which you can download and use for free.

About this tool
Automatically identifying Dridex on a computer can be difficult, so this tool is provided as is and with no guarantee. This tool scans your computer for Dridex symptoms and alerts you if it finds anything suspicious - it does not clean or remove the virus from your computer should you be infected.
  1. Download the Dridex detection and cleaning tool (currently version 3) to your Documents or Desktop.
  2. Extract the .zip folder using the password from the Lexsi website (found under the Detection heading). You should now see a new file named DridexDetector.exe - but don't run it just yet.
  3. You must now restart your computer in safe mode.
  4. Once in safe mode, go to the DridexDetector.exe file and right-click it, and then select Run as administrator.
  5. If User Account Control pops up, click Yes.
  6. The scan will now run - this should only take a few seconds.
  7. If you see [ Found ] in the results then your computer is infected.
  8. If you see [ Not Found ] your computer should be clean.

What to do if your computer is infected

For non-University supplied computers

Currently the only guaranteed way to remove the Dridex virus is to format the hard disk of the infected computer and perform a fresh install of Windows.

Do NOT use System Restore; this simply reinstalls the Dridex virus.

For University-supplied computers

Please alert your Department's IT support contact.
