Remove “Drive by exploit” Bitcoin Email Malware

“Drive by exploit” Email in Depth

You will receive an Email explaining that you have been hacked and you must pay in Bitcoin:

Hi, I’m a hacker and programmer, I know one of your password is: *******************
Your computer was infected with my private malware, because your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”. 
My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible for me to spy on you over your webcam. 
I collected all your private data, recorded few videos of you (through your webcam) and I RECORDED YOU SATISFYING YOURSELF!!! 
I can publish all your private data everywhere, including the darknet, where the very sick people are and the videos of you, send them to your contacts, post them on social network and everywhere else!
Only you can prevent me from doing this and only I can help you out, there are no traces left, as I removed my malware after my job was done and this email(s) has been sent from some hacked server… 
The only way to stop me, is to pay exactly 800$ in bitcoin (BTC). 
It’s a very good offer, compared to all that HORRIBLE shit that will happen if you don’t pay! 
You can easily buy bitcoin here: www.paxful.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger. 
You can send the bitcoin directly to my wallet, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine. 
My bitcoin wallet is:
Copy and paste it, it’s (cAsE-sEnSEtiVE) 
You got 3 days time. 
As I got access to this email account, I will know if this email has been read. 
If you get this email multiple times, it’s to make sure that you read it, my mailer script is configured like this and after payment you can ignore it. 
After receiving the payment, I remove all your data and you can life your live in peace like before. 
Next time update your browser before browsing the web! 

“Drive by exploit” Email  is a very dangerous software piece that was recently detected by a number of security experts and we are here to tell you the most important things you ought to know about this new threat so that you can successfully and effectively protect your computer against it. It is highly likely that the majority of the readers of this post are here exactly because of a recent infection with “Drive by exploit”. If this malicious software piece has somehow gotten inside of your computer as well, know that you should definitely not waste any time – quick action towards ridding your computer of the infection is the best course of action in such a situation. However, before we show you what you can try in order to eradicate this dangerous program, we should first tell you a bit more about the nature of this virus and what it may be used to do inside your system.

Is “Drive by exploit” dangerous?

“Drive by exploit” Malware is one of the infamous Trojan Horse infections – this means a couple of things. First and foremost, it means that you are lucky you’ve managed to spot that it has infected your computer. In many instances, the Trojans are able to infiltrate a system and operate inside of it without the computer’s user noticing anything. This may allow such an infection to carry out its harmful activities for days, weeks and months before its victim notices anything or before the malware’s task gets completed and there’s nothing much that the virus needs to do. However, since you are here, then you can at least take some precautions since you already know that your computer has been infiltrated by this Trojan.

However, what exactly is it that you are trying to prevent? What can this infection do to your computer? Well, this question may actually have many answers since the Trojans are oftentimes not limited to a single task or purpose. In many cases, a virus like “Drive by exploit”, Idle Buddy or “You got infected with my malware” can carry out several harmful processes in the system. For example, a Trojan may try to get hold of your sensitive banking details and social media data, it may monitor your activities on your machine and it may even use your webcam to spy on you while you are in your room! Also, Trojans are well known for establishing whole botnets of machines infected by them and then using those computers for shady tasks such as mass spam campaigns and DDoS attacks. A Trojan can also oftentimes have the ability to backdoor other infections inside the machine that it has infiltrated. And those are only a small part of all the possible ways in which such threats can be used. Sadly, due to insufficient data on “Drive by exploit” Bitcoin Email, we are still unable to tell you the specific goals for which “Drive by exploit” may get used. Regardless of its purpose, however, it is essential that you remove this infection as soon as you notice that it is in your system. You can find help on eliminating the nasty Trojan inside the following list of instructions.

SUMMARY:

Remove “Drive by exploit” Bitcoin Email Malware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to “Drive by exploit”

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the “Drive by exploit”.

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and “Drive by exploit” , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – “Drive by exploit”

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to “Drive by exploit” Bitcoin Email. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.