How to remove Lucifer trojan

What is Lucifer malware

Lucifer malware is a hybrid threat that combines the capabilities of cryptojacking and Distributed Denial of Service (DDoS) attacks. It targets Windows devices by exploiting a range of old and critical vulnerabilities to spread and perform malicious activities. The malware was first observed in late May 2020, with its campaign still active and evolving to include upgraded variants. To remove Lucifer malware, it is crucial to apply updates and patches to the affected software. This includes ensuring that all known vulnerabilities exploited by Lucifer are patched to prevent further infections. Security software capable of detecting and blocking exploit attempts from this malware family should be used. Palo Alto Networks Next-Generation Firewalls, for example, can detect and block these exploit attempts. Additionally, maintaining strong password policies and having a layer of defenses can help mitigate the risk posed by Lucifer. For systems already infected, using reputable antivirus or anti-spyware software to scan and remove the malware is recommended. It’s important to note that removing the malware will not decrypt files affected by any ransomware component of Lucifer. Restoring from backups, if available, is the only way to recover encrypted files.

How Lucifer malware infected your system

Lucifer leverages a variety of weaponized exploits against vulnerable Windows hosts. It scans for open TCP ports 135 (RPC) and 1433 (MSSQL) and attempts to gain access by trying commonly used credentials. It also uses Equation Group exploits, such as EternalBlue, EternalRomance, and the DoublePulsar backdoor, for intranet infections. The malware is capable of self-propagation through the exploitation of multiple vulnerabilities, including but not limited to CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, CVE-2018-20062, CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464. Once a machine is infected, Lucifer proceeds to gain persistence by setting specific registry key values and begins its operation by launching several threads for its malicious activities.

1. Download Lucifer malware Removal Tool
2. Use Windows Malicious Software Removal Tool to remove Lucifer malware
3. Use Autoruns to remove Lucifer malware
4. Files, folders and registry keys of Lucifer malware
5. Other aliases of Lucifer malware
6. How to protect from threats, like Lucifer malware

Remove Lucifer malware manually

Manual removal of Lucifer malware by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.

Remove Lucifer malware using Windows Malicious Software Removal Tool

1. Type mrt in the search box near Start Menu.
2. Run mrt clicking on found item.
3. Click Next button.
4. Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
5. Click Next button.
6. Click on View detailed results of the scan link to view the scan details.
7. Click Finish button.

Remove Lucifer malware using Autoruns

Lucifer malware often sets up to run at Windows startup as an Autorun entry or Scheduled task.

1. Download Autoruns using this link.
2. Extract the archive and run Autoruns.exe file.
3. In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
4. Search for suspicious entries with weird names or running from locations like: C:\{username}\AppData\Roaming.
5. Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
6. Switch to Scheduled Tasks tab and do the same.
7. To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.

Remove files, folder and registry keys of Lucifer malware

Lucifer malware files and folders


{randomname}.exe


Lucifer malware registry keys


no information


Aliases of Lucifer malware

How to protect from threats, like Lucifer malware, in future

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove Lucifer malware. However, if you got infected with Lucifer malware with existing and updated security software, you may consider changing it. To feel safe and protect your PC from Lucifer malware on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below: