BIOLOAD Removal Guide

Researchers believe that BIOLOAD is one of the newest creations of a financially-motivated group of cybercriminals that are known as FIN7. Same as other hackers’ threats, the malware is a sophisticated tool that is used to attack various companies and not regular home users. It was first noticed in March and July 2019 and might still be active to this day. What makes it a complex and a difficult threat to detect is the way it infiltrates targeted systems. Specialists say that the malware does so by pretending to be a legitimate DLL file. To learn more about how BIOLOAD could enter a system and what it might do after it gets in, we advise reading our full article.

BIOLOAD gets in by placing a malicious DLL file called WinBio.dll. The name is very similar to a legitimate DLL file, which is called winbio.dll. The malware should place the fake file in the same location where the legit DLL should be. Since the malware’s file’s name is in capital letters, the infected system should find it first the next time it searches for winbio.dll. As a result, the infected device’s system should launch the malicious file instead of a legit DLL. This technique is called DLL search order hijacking, and it has been used with other FIN7 created threats too.

According to researchers, BIOLOAD is used to drop another malicious application on an infected device. The second threat is called CARBANAK. It has been used by FIN7 in the past to attack financial institutions and banks. With the help of CARBANAK, the hackers were able to spy on the targeted companies’ employees and learn how to access sensitive systems that would allow cybercriminals to transfer money from them. Thus, failing to protect systems from these malicious applications cost companies lots of money.

Naturally, since the malware masquerades as a legit file, it makes it difficult to detect. In fact, it might be impossible to do so until cybersecurity experts learn such a threat’s infiltration scheme, and antimalware tools get updated so they could recognize malicious files that pretend to be legit. What’s more, reports say that CARBANAK and later BIOLOAD versions have been updated so they would look for various antimalware tools running on infected devices to avoid detection.

All in all, the discussed FIN7 attacks show that the members of this hacking group are skillful. They not only managed to combine new (BIOLOAD) and old (CARBANAK) malicious tools once again, but also performed successful attacks. Therefore, it is likely that they will return with more sophisticated threats in the future. Consequently, ensuring cybersecurity for companies that might be targeted by these cybercriminals should be one of their top priorities. To do this, it is crucial to follow cybersecurity news and remove discovered weaknesses or take recommended precautions as fast as possible.

Lastly, even though we provide deletion instructions below this paragraph, we do not recommend removing BIOLOAD without the help of cybersecurity specialists and legitimate antimalware tools. That is because such malicious applications often go through changes, and we cannot guarantee that our provided steps will work. Plus, following our steps will not remove CARBANAK that could be hiding on a system.

Restart the device in Safe Mode with Networking

Windows 8 and Windows 10

1. Press Win+I or go to the Start menu and click the Power button.
2. Tap and hold Shift and click Restart.
3. Select Troubleshoot and choose Advanced Options.
4. Pick Startup Settings and press Restart.
5. Click the F5 key and reboot the system.

Windows XP/Windows Vista/Windows 7

1. Go to Start, press Shutdown options, and choose Restart.
2. Press and hold the F8 key when your computer is restarting.
3. Wait till the Advanced Boot Options window is loaded.
4. Select Safe Mode with Networking.
5. Press Enter and log on.

Remove BIOLOAD

1. Press Win+E.
2. Go to: %WINDIR%\System32\WinBioPlugIns
3. Search for a malicious DLL file called WinBio.dll.
4. Check if WinBio.dll is malicious file by scanning it with a reliable security tool.
5. Right-click the malicious DLL file and click Delete.
6. Exit File Explorer.
7. Empty Recycle Bin.
8. Restart your computer.