Newly Released Emocheck Tool Can Detect Systems Infected With Emotet Trojan

A new utility tool called EmoCheck has been released by Japan CERT. It will allow Windows users to easily check if they are infected with the Emotet trojan.

Emotet trojan is one of the most actively distributed malware. It primarily spreads via phishing emails with malicious Word document attachments. These emails pretend to be invoices, shipping notices, account reports, holiday party invites and even information about trending things. The emails are designed in such a way that the victim gets enticed and is tricked into opening the attachment.

Once installed, the trojan utilizes the infected computer to send further spam to potential victims and download other malware onto the computer.

How EmoCheck works?

EmoCheck utility can be downloaded from the Japan CERT GitHub repository. Once downloaded, the tool scans the system for the Emotet trojan and alerts the user if it is found. It also informs under what process ID is the trojan running and the location of the malicious file.

This information will also be saved to a log file located at [path of emocheck.exe]\yyyymmddhhmmss_emocheck.txt. The user can remove the trojan by terminating the processes from Task Manager.