Troj/Emotet-COJ removal tips

Troj/Emotet-COJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows you to run a complete scan and clean your PC.
6-day free trial available.

What can the Troj/Emotet-COJ virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that is not found; may need to run with the startbrowser=1 option
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Deletes its original binary from disk
  • Attempts to remove evidence of the file having been downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Created a service that was not started

How to identify Troj/Emotet-COJ?

File Info:

crc32: EEEFEEBA
md5: 1629a361efd24d41f1445bd4a681d06a
name: 1629A361EFD24D41F1445BD4A681D06A.mlw
sha1: 67633a6741eab0fab24c8afc988623aaa4040fb7
sha256: 95569eba1495c0e763c8c301a875f207fd7b44c1b37c56ac3c4441aca68cef6b
sha512: 478b1412ff39bf3a6b5393b86a61527381012ba51d617203b087b17bb570cf9aa04c969a82e54d192c28b3faad29116c34636188e3f28d95b6c269588584a81c
ssdeep: 3072:/t0kQHEE+CXFaWoBclgQ0S7kNNcaxVTOVi6WXJs+u:wENVW0BS7qcaxKizG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2003 Ariel Productions
InternalName: Advanced Window System
FileVersion: 1, 0, 0, 1
CompanyName: Ariel Productions
PrivateBuild:
LegalTrademarks: UltimaX, Ariel Productions - All Rights Reserved
Comments: Programmer - James Dougherty
ProductName: Ariel Productions Advanced Window System
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: Advanced Window System
OriginalFilename: Advanced Window System.exe
Translation: 0x0409 0x04b0

Troj/Emotet-COJ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Emotet.1027
MicroWorld-eScan: Trojan.Agent.EWTQ
McAfee: Emotet-FSD!1629A361EFD2
Malwarebytes: Trojan.Emotet
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Trojan ( 00577e111 )
Cybereason: malicious.1efd24
Cyren: W32/Emotet.ATB.gen!Eldorado
APEX: Malicious
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.pef
BitDefender: Trojan.Agent.EWTQ
NANO-Antivirus: Trojan.Win32.Emotet.hvsoti
Avast: Win32:BankerX-gen [Trj]
Rising: Trojan.Kryptik!8.8 (TFE:6:NyO8o4egHmT)
Ad-Aware: Trojan.Agent.EWTQ
TACHYON: Trojan/W32.Agent.155648.CEZ
Emsisoft: Trojan.Emotet (A)
F-Secure: Trojan.TR/AD.Emotet.gfy
VIPRE: Trojan.Win32.Generic!BT
FireEye: Trojan.Agent.EWTQ
Sophos: Troj/Emotet-COJ
GData: Trojan.Agent.EWTQ
Jiangmin: Trojan.Banker.Emotet.oov
Avira: TR/AD.Emotet.gfy
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Gridinsoft: Ransom.Win32.Wacatac.oa!s1
Arcabit: Trojan.Agent.EWTQ
ViRobot: Trojan.Win32.Emotet.155648.W
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.pef
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Emotet.R351948
VBA32: BScope.Trojan.Zenpak
ALYac: Trojan.Agent.Emotet
MAX: malware (ai score=83)
ESET-NOD32: Win32/Emotet.CB
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMD4.hp
Tencent: Malware.Win32.Gencirc.10ce0574
Fortinet: W32/Emotet.1028!tr
AVG: Win32:BankerX-gen [Trj]
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.11417434.susgen

How to remove Troj/Emotet-COJ?

Troj/Emotet-COJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.