In January, the FBI, along with other law enforcement agencies around the world has recalled that the Emotet malware was automatically has been removed from all the infected computers.
The law enforcement agencies that are involved in this operation were from the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada, and Ukraine.
According to the report, the agencies have managed to seized control over several hundred botnet servers; not only this, but the agencies have also turned off their entire infrastructure and have stopped all its malicious activities.
The law enforcement officers have used all their access to the Emotet control servers; as per the report, this malware has come under the control of the German Federal Criminal Police Office.
How the Uninstaller of Emotet Malware Works?
After trying so hard, the law enforcement agencies managed to stop the malware. But now the question arises that how the Emotet uninstaller works?
Once the law enforcement has identified the malware, the German federal police agencies implemented a very new Emotet module in the form of a 32-bit EmotetLoader.dll.
After implementing the module to all infected systems, the experts affirmed that it would eventually uninstall the malware on April 25th, 2021.
Once the security analysts changed the system clock on a test machine, they detected that the uninstaller only deletes the associated Windows services.
However, the Emotet uninstaller autoruns the Registry keys and then exits the process, and they left all other things on the infected or compromised machines.
Federal Police (Germany) is Behind the Emotet Uninstaller Module
The federal police agency of Germany had created a situation that will make the malware Emotet to be quarantined in the computer systems that the Emotet malware has compromised.
While Europol claimed that the German Bundeskriminalamt (BKA) federal police agency was responsible for generating and pushing the uninstall module and creating such a situation.
Not only this but the US Department of Justice (DOJ) has also agreed and asserted that the Bundeskriminalamt pushed the uninstaller module on the systems that were compromised by Emotet malware.
Purpose and Recommendation
The infrastructure that was present behind the Emotet is already being controlled by law enforcement, so the bots are not able to implement any other malicious operation.
All the victims of Emotet malware have been suggested to update their system, as it replaces the former one. Once the victims are done with the update process, their system will eventually get aware of its installation paths and be able to clean the machine.
However, Foreign law enforcement has been working along with the FBI and has replaced the Emotet malware on servers that have been located in their jurisdiction with a file that was initially created by the law enforcement.