emPSN - East Midlands Public Services Network 01604 879869

Malware Removal – Emotet TrickBot

Emotet is also known as: HPmal/Emotet-C, HPmal/TrikBot-G, Mal/EncPk-AN, HPmal/Crushr-AU, Troj/Inject-DTW, Troj/LnkRun-T

Emotet was originally designed as a banking trojan (stealing account credentials), but it has evolved to send spam on its own and to download other malware.

Emotet is also an uploader. Traditionally the payloads have mostly been banking Trojans, with TrickBot being the most prevalent. Other payloads have included Qbot, Dridex and IcedID. There is also a connection between Emotet and a very dangerous targeted ransomware family called BitPaymer.

For more information on this botnet, and mitigation strategies, please see:

  1. US CERT
  2. Malwarebytes Emotet Introduction
  3. Emotet removal (Sophos)
  4. Emotet Removal (Malwarebytes)

Norton Power Eraser is a free tool and doesn’t require installation. It just needs to be downloaded and run. One of our team has tested the tool with Zeus, Ice-X, Citadel, ZeroAccess and Cutwail. It was able to detect and clean up the system in each case. It probably works with many other infections.

If Microsoft Windows Defender is available to you, use it!
