Emotet malware was automatically removed from infected computers as a result of an operation by European law enforcement officials.
Recall that in January of this year, law enforcement agencies in the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada and Ukraine seized control of several hundred of the botnet's servers, took its entire infrastructure offline and stopped its malicious activity.
Today at 1:00 PM, our #Emotet-infected machine that had received the special law enforcement file triggered its uninstallation routine.
— Malwarebytes Threat Intelligence (@MBThreatIntel) April 25, 2021
The Dutch police, who seized control of two central malware servers in the country, deployed a software update to eliminate the Emotet cyber threat.
The process involved sending a 32-bit EmotetLoader.dll payload over the same channels that were used to distribute the original malware to devices.
As part of the cleanup procedure, on April 25, 2021, the malware was removed from devices, including deletion of its autorun registry key and termination of its process.
Malwarebytes has confirmed the successful completion of the removal procedure. According to search results from Abuse.ch's Feodo Tracker, none of the Emotet servers are currently online.