How to Check If Your PC Is Infected with Emotet Malware


Emotet is a really nasty strain of malware that’s been making the rounds for years. It’s a banking trojan that specializes in sneaking onto victims’ computers and stealing their financial information. Because it’s so sneaky, it can be hard to find it lurking on your PC. Let’s explore how to check if your PC is infected with Emotet malware.

1. Using the EmoCheck Tool

Fortunately, Japan CERT has made checking for Emotet easy. They’ve created a tool called EmoCheck, which does a quick and simple scan on your PC.

To use EmoCheck, first head over to the project’s GitHub releases page. Find the latest post on the page, then scroll to its bottom to find the download links. If you just want something you can download and run, grab the x32 or x64 file depending on your operating system type – 32- and 64-bit respectively.


Once you download it, run it; a window opens while it scans.

Once you press a key, the window may vanish. If it does, check where you downloaded the EmoCheck executable to. You should see a new log file.


Double-click it to see a report on whether Emotet is on your PC. Hopefully, it reports a clean bill of health!

2. Look for Weird Services

Emotet works by creating a service with a random name. That service, in turn, tries to create another service with another random name. As such, if you spot some weird service names appearing, it’s worth doing a deep scrub of your OS.

For Windows, you can check your services by pressing Ctrl + Shift + ESC for the task manager, then clicking the “Services” tab.


Look for any services whose name is just a random string of numbers. Sophos has published examples of Emotet services it found with names like this.

If you find these entries, be sure to disconnect your PC from your network and give it a thorough scan with an antivirus program.
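The same check can be scripted instead of scrolling through Task Manager. This PowerShell sketch is an added example, not part of the original article or of EmoCheck: the function names `Get-ServiceBinaryPath` and `Find-NumericNamedService` are hypothetical, and the digits-only rule is an assumption taken from the description above.

```powershell
# Added example: list services whose name is digits only, with the binary
# behind each one, its signature status and when the file was last written.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName is either  "C:\quoted path\x.exe" args  or  C:\unquoted\x.exe args
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] }
    return $null
}

function Find-NumericNamedService {
    param(
        # Defaults to the live service list; any objects with Name, State,
        # StartMode and PathName properties can be passed in for testing.
        [object[]]$Service = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($svc in $Service) {
        # Assumption from the article: the name is nothing but digits.
        if ($svc.Name -notmatch '^\d+$') { continue }

        $binary    = Get-ServiceBinaryPath -PathName $svc.PathName
        $signature = 'FileNotFound'
        $lastWrite = $null
        if ($binary -and (Test-Path -LiteralPath $binary)) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $binary).Status
            $lastWrite = (Get-Item -LiteralPath $binary).LastWriteTime
        }

        [pscustomobject]@{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Binary    = $binary
            Signature = $signature
            LastWrite = $lastWrite
        }
    }
}

$hits = @(Find-NumericNamedService)
if ($hits.Count -eq 0) {
    'No digits-only service names found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

A match is a lead rather than a verdict: an unsigned or missing binary behind a numeric service name is the kind of entry to hand to the antivirus scan described above.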

3. Keep an Eye on Your Financial Accounts

Waiting for a banking trojan to steal money from you is never a good antivirus precaution, but unexpected transactions can be a way to detect that something’s lurking on your computer. As such, if you tend to ignore your bank account and throw out all your statements before reading them, it’s a good idea to keep tabs on them more often.

Every week or so, be sure to go over all of your bank statements. If you see a purchase that you personally did not make, be sure to phone your bank immediately and get them to cancel your card. Then, disconnect your PC from the network, scrub it with an antivirus, and change your online banking login information.

4. Download and Scan With Decent Antivirus

Speaking of antivirus, it’s always a good idea to both install a good security program and allow it to install its updates. Malware such as Emotet has a tendency to “evolve” and change its code, so it’s a good idea to ensure your antivirus is updated with all the latest virus definitions.

If you’re not sure if your antivirus is up to the task of tracking down Emotet, be sure to read our picks of free and useful antivirus programs.

Staying Safe From Emotet

While Emotet is a pretty nasty strain of malware, there are ways you can protect yourself from it. Now you know four ways to catch Emotet in the act and protect yourself before it does more damage. You may also want to start using Windows Defender to protect yourself, especially from ransomware.

Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

3 comments

    1. Unlikely, there doesn’t appear to be any reported infections. But it does in fact infect Macs… so in theory it could infect Linux computers.

      Simply searching online would give you the information that you seek.

  1. Thanks for the great tip about the EmoCheck tool!

    I did not have it on my computer, thank God and Simon.

    I recommend reading all instructions BEFORE downloading.

    The download is not that easy to find on the GitHub page.

    Look for a GREEN button that says “Download” on one of the several dropdown options on the dropdown menu. It is not on the first page you arrive at.
