ZuluGuru777

asked on

Any suggestions for removing trojan.emotet permanently?

Our server and all computers have been hit by the trojan.emotet virus. Are there any available tools to remove the trojan? We have installed Malwarebytes 3 Premium, which detects and quarantines the various outbreaks. We clean up the exe's that are generated and remove registry settings for them, but they come back each time.
John

Further Malwarebytes info here.

https://blog.malwarebytes.com/detections/trojan-emotet/

If it keeps coming back, download, install and run Process Explorer from Microsoft Sysinternals.

Look under the Explorer tree left side for any alphanumeric processes.  Kill these, do NOT restart. Run Malwarebytes again.
Ajay Chanana

Once you have identified the location of the trojan, it's recommended to delete that folder.

Also try to delete internet temporary files.
Arana (G.P.)

Make sure your desktop shortcuts to iexplorer, Firefox, Chrome etc. are the default shortcuts and are not pointing to some other page on the internet that will reload the trojan when you launch them. This has happened to me before (other malware, though) after MB and ADW and others have claimed it is all clean (and it is), but the shortcut automatically takes you to those pages where the malware is loaded again.
 
Also, the start folder was messed with, and it had a shortcut to the same address as the browsers, and this was not removed by any utility as it appeared to be a legitimate entry since it had a random name and could not be identified with any known threat.
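
A read-only way to run the shortcut check described in the reply above, as an added example that is not part of any poster's reply: it lists desktop and Startup-folder shortcuts that carry a web address or start at logon. The browser list and the reason labels are assumptions; nothing is deleted or changed.

```powershell
# Added example: audit .lnk and .url shortcuts on desktops and in Startup folders.
# Read-only. Run per user profile; the "Common" folders cover all users.
$shell = New-Object -ComObject WScript.Shell

$startup = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$desktop = 'DesktopDirectory', 'CommonDesktopDirectory' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$folders = @($startup) + @($desktop) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Assumption: browsers named in the thread; extend the list as needed.
$browsers   = 'iexplore.exe', 'firefox.exe', 'chrome.exe'
$urlPattern = '(?i)\b(https?|ftp)://'

$findings = foreach ($folder in $folders) {
    $inStartup = $startup -contains $folder
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.lnk', '.url' } |
        ForEach-Object {
            $sc     = $shell.CreateShortcut($_.FullName)
            $target = [string]$sc.TargetPath
            $scArgs = [string]$sc.Arguments   # empty for .url shortcuts
            $exe    = if ($target -and $_.Extension -eq '.lnk') {
                          [IO.Path]::GetFileName($target)
                      } else { '' }

            $reasons = @()
            if ($_.Extension -eq '.url')   { $reasons += 'internet shortcut to a web address' }
            if ($scArgs -match $urlPattern) { $reasons += 'URL passed as an argument' }
            if (($browsers -contains $exe) -and $scArgs.Trim()) {
                $reasons += 'browser shortcut is not the default (has arguments)'
            }
            if ($inStartup) { $reasons += 'launches at logon (Startup folder)' }

            if ($reasons) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $target
                    Arguments = $scArgs
                    Modified  = $_.LastWriteTime
                    Reasons   = $reasons -join '; '
                }
            }
        }
}
$findings | Sort-Object Shortcut | Format-List
```

Every Startup entry is listed for manual review because, as the reply notes, a randomly named entry can look legitimate to a scanner.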
Chances are that it has embedded itself thoroughly in the systems you've detected, and possibly others, and who knows where else.  If you simply delete it, it will probably come back.

Shut down the network, erase each afflicted system's drive with Darik's Boot and Nuke or whatever you prefer, then restore from the most recent full backups previous to the infection ... and count yourself lucky that you have full backups, because otherwise it would be reload from scratch time.  IMO once a system has been infected it can no longer be trusted no matter how "cleaned up" it was.
Author - try what I suggested because I have seen it work.

If not, and the virus comes back, then I agree with the above that you must reinstall Windows.