How to remove Aquabot

February 4, 2025

What is Aquabot

Aquabot is a sophisticated botnet variant derived from the notorious Mirai malware framework. It primarily targets Internet of Things (IoT) devices to orchestrate powerful distributed denial-of-service (DDoS) attacks. This botnet exploits multiple security vulnerabilities, including CVE-2024-41710, which is a command injection flaw affecting specific Mitel phone models. Aquabot’s operators continuously evolve its capabilities, adding features like ‘report_kill’, which communicates with the command-and-control server when the botnet process is terminated. This botnet is often marketed as a DDoS-for-hire service, providing cybercriminals with access to its network of compromised devices. By masking itself as legitimate processes, such as ‘httpd.x86’, Aquabot evades detection and termination efforts. The resurgence of such Mirai-based threats highlights the ongoing security challenges posed by inadequately protected IoT devices, often left vulnerable due to outdated software and default credentials.

Aquabot

How Aquabot infected your system

Aquabot, a botnet variant based on the notorious Mirai framework, infects computers by exploiting security vulnerabilities in connected devices. Attackers often target devices with outdated software or default credentials, making them susceptible to intrusion. The infection process typically begins with the deployment of a shell script that retrieves the malicious payload using commands such as ‘wget’, a method frequently aligned with publicly available proof-of-concept exploits. Once the malware is installed, it masks itself under legitimate process names, such as “httpd.x86”, to avoid detection and communicates with a Command-and-Control (C2) server. This communication allows the botnet to receive instructions and execute distributed denial-of-service (DDoS) attacks, adding compromised devices to its network to enhance its attack capabilities. The sophistication of Aquabot is further evidenced by its adaptability and the continuous evolution of its techniques, posing a persistent threat to vulnerable Internet of Things (IoT) devices.

Download Aquabot Removal Tool
Use Windows Malicious Software Removal Tool to remove Aquabot
Use Autoruns to remove Aquabot
Files, folders and registry keys of Aquabot
Other aliases of Aquabot
How to protect from threats, like Aquabot

Download Removal Tool

To remove Aquabot completely, we recommend you to use SpyHunter 5. It can help you remove files, folders, and registry keys of Aquabot and provides active protection from viruses, trojans, backdoors. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.

Download Alternative Removal Tool

Download Norton Antivirus

To remove Aquabot completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Aquabot and several millions of other malware, like viruses, trojans, backdoors.

Remove Aquabot manually

Manual removal of Aquabot by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.

Remove Aquabot using Windows Malicious Software Removal Tool

Type mrt in the search box near Start Menu.
Run mrt clicking on found item.
Click Next button.
Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
Click Next button.
Click on View detailed results of the scan link to view the scan details.
Click Finish button.

Remove Aquabot using Autoruns

Aquabot often sets up to run at Windows startup as an Autorun entry or Scheduled task.

Download Autoruns using this link.
Extract the archive and run Autoruns.exe file.
In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
Search for suspicious entries with weird names or running from locations like: C:\{username}\AppData\Roaming.
Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
Switch to Scheduled Tasks tab and do the same.
To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.

Remove files, folder and registry keys of Aquabot

Aquabot files and folders

{randomname}.exe

Aquabot registry keys

no information

Aliases of Aquabot

no information

How to protect from threats, like Aquabot, in future

bitdefender internet security

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove Aquabot. However, if you got infected with Aquabot with existing and updated security software, you may consider changing it. To feel safe and protect your PC from Aquabot on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender

How to remove Hunter (Prince) Ransomware and decrypt .Hunter files

How to remove SpiderParadise Ransomware and decrypt your files

How to remove Hitler_77777 Ransomware and decrypt .[ID-random].[Telegram ID @Hitler_77777].XSHC files

How to remove Revenge Of Heisenberg Ransomware and decrypt your files

How to remove REDKAW Ransomware and decrypt .redkaw files

How to download video from Instagram on iPhone

Top 5 Antivirus programs for Mac in 2023

IObit Advanced SystemCare Review

Combo Cleaner Antivirus Review

CleanMyMac Review