How to check if your PC is infected with Emotet malware

Emotet is a very bad strain of malware that has been around for years. It is a banking Trojan specializing in penetrating victims’ computers and stealing their financial information. Because it is so sneaky, it can be hard to find it hidden on your PC. Let’s explore how to check if your PC is infected with Emotet malware.

1. Using the EmoCheck tool

Fortunately, Japan CERT has made it easier to find Emotet. They created a tool called EmoCheck, which performs a quick and easy scan on your PC.

To use EmoCheck, first navigate to the project GitHub releases page. Find the last article on the page, then scroll down to find the download links. If you just want something that you can download and run, grab the x32 or x64 file depending on your type of operating system – 32 and 64 bit respectively.

Emotet control download

Once you’ve downloaded it, run it. You will see this screen:

Emotet Emocheck controlEmotet Emocheck control

Once you press a key, the window may disappear. If so, check where you downloaded the EmoCheck executable. You should see a new log file.

Emoticon check logEmoticon check log

Double click on it to see a report indicating if Emotet is on your PC. Hope he brings back a clear slate!

Emoticon verification reportEmoticon verification report

2. Look for strange services

Emotet works by creating a service with a random name. This, in turn, then attempts to create another service with another random name. As such, if you spot any weird service names, it’s worth doing a deep clean up of your operating system.

In Windows, you can check your services by pressing Ctrl + Offset + ESC for the task manager, then clicking on the “Services” tab.

Emotet verification servicesEmotet verification services

Look for any services that are just a random string of numbers. For example, the following image shows some examples of Emotet services found by Sophos.

Name of emoticon checker serviceName of emoticon checker service

If you find these entries, be sure to disconnect your PC from your network and scan it deeply with an antivirus program.

3. Keep an eye on your financial accounts

While waiting for a banking Trojan to steal money from you is never a good antivirus precaution, it can be a way to detect if something is lurking on your computer. As such, if you tend to ignore your bank account and throw away all of your statements before reading them, it’s a good idea to keep tabs more often.

Every week or so, be sure to go through all of your bank statements. If you see a purchase that you didn’t personally make, be sure to call your bank right away and ask them to cancel your card. Then disconnect your PC from the network, clean it with an antivirus, and change your online banking login details.

4. Download and scan with a decent antivirus

Speaking of antivirus, it’s always a good idea to both install a good security program and allow it to install its updates. Malware like Emotet tends to “evolve” and change code, so it’s a good idea to make sure your antivirus is up to date with all of the latest virus definitions.

If you are unsure whether your antivirus is up to the task of tracking down Emotet, be sure to read our selection of free and useful antivirus programs.

Stay safe from Emotet

Although Emotet is a pretty nasty strain of malware, there are ways to protect yourself from it. Now you know four ways to catch Emotet in the act and protect yourself before he does more damage. You can also start using Windows Defender to protect yourself, especially against ransomware.

Related:

Simon batt
Simon batt

Simon Batt is a computer science graduate with a passion for cybersecurity.

Is this article useful?

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘400239050508508’);
fbq(‘track’, ‘PageView’);

Leave a Reply