EmoCheck Finds if Emotet Malware Has Infected Your PC

As reported by Bleeping Computer, Japanese CERT has released an open-source tool to detect whether your Windows PC has been infected by the dangerous banking trojan called Emotet. This tool EmoCheck is available for both 32-bit and 64-bit versions of Windows and displays all the processes that are related to Emotet banking trojan.

EmoCheck is a CLI program and generates a report file that can be inspected later. You can download EmoCheck binary from its GitHub page (https://github.com/JPCERTCC/EmoCheck) and double-click on it to run it. It will display if there are any possible Emotet processes being run on your system.

EmoCheck does not detect the Emotet trojan based on virus signatures or its behavior, but using a possible combination of words used to generate the filename for Emotet malware. This leaves a small possibility that the processes being displayed in its report might not be actually Emotet related processes. Perhaps this is why the program does not automatically terminate these processes and leaves it up to the user to terminate them through Task Manager.


Since the source code of EmoCheck is available on GitHub and the program is coded in C++, it is fairly easy to add process termination lines in the source code itself. For the basic starters, you can add a line to call taskkill command with the PID of the suspected processes. This will save you from the trouble of manually ending and isolating all these processes. The program can be compiled using GCC.

In case, it detects some of the processes related to Emotet malware, you should immediately end those processes and then scan your system with a good antivirus product. There are many good antivirus vendors that also provide emergency scanning tools such as ESET Online Scanner, F-Secure Online Scanner, McAfree Stinger, Panda Cloud Cleaner or Comodo Rescue Disk. It is also suggested that you install a good antivirus software on your PC for continued protection in the future.