If you have unprotected endpoints/machines, you can run Farbar Recovery Scan Tool (FRST) to look for possible Indicators of Compromise (IOCs). Emotet cannot propagate without an admin password. If you have an Active Directory (AD) domain, change the account’s credentials as well as all local administrator account credentials from a known clean computer. It is essential to change account credentials for all user accounts on infected machines to stop propagation.
If a protected endpoint encounters one of the following real-time protection notifications, it may be an indication that there is an infected machine on your network. If you have Malwarebytes Endpoint Protection or Malwarebytes Endpoint Security installed on all endpoints/machines that are connected to your network, you are protected.
Malwarebytes products help to protect you from Emotet.
Emotet is commonly spread by email, both through infected attachments and through embedded URLs in the email that download this Trojan. Due to the way Emotet spreads through your network, any infected machine on the network will re-infect machines that have been previously cleaned when they rejoin the network. Emotet is a banking Trojan that can steal data by eavesdropping on your network traffic.