Skip to main content
Published Jul 23, 2014 | Updated Jan 05, 2022

Trojan:Win32/Emotet

Detected by Microsoft Defender Antivirus

Aliases: W32/Trojan.ENPO-5670 (Command) Trojan-Ransom.Win32.Foreign.kurp (Kaspersky) winpe/Kryptik.CDSJ (Norman) TR/Agent.BDBT.1 (Avira) Trojan.DownLoader11.10009 (Dr.Web) Win32/TrojanDownloader.Agent.AOJ (ESET) W32/Agent.AOJ!tr (Fortinet) Troj/Ransom-AHN (Sophos) W32.Cridex.B (Symantec) TROJ_DLOADR.BDL (Trend Micro)

Summary

Microsoft Defender Antivirus detects and removes this threat.

Emotet is an advanced malware family that typically spreads through phishing emails with malicious attachments.

Emotet was initially designed as a banking trojan to steal user's banking credentials, enabling attackers to initiate fraudulent online fund transfers. Over time, Emotet has evolved as a commodity malware and is known for its malware-as-a-service model, facilitating the delivery of secondary malware such as Trickbot, Qakbot, or Ryuk ransomware.

Read the following Microsoft security blogs:

Microsoft Defender Antivirus  automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.

  • Run a full antivirus scan on the device.
  • Check the source of infection through the device timeline, as the trojan might have entered via direct link download in an email or via a malicious Office document.
  • Turn off Microsoft Office macros, and enforce “Protected View” if possible because this threat often takes advantage of the ability to socially engineer users into clicking "Enable Macros" or to not enable “Protected View” as a way to launch arbitrary code.
  • Remove admin privileges where possible, as this trojan often misuses administrative privileges to turn off antivirus software using native OS commands.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Follow us