Last weekend (Oct 5-7 2018) a phishing attack was executed via an email that was sent in the name of the Icelandic police. This email was an attack vector for installation of the Remcos-shadesoul trojan, which can infect PCs running the Windows operating system. This tool, RemcosDetector, can detect whether the Remcos-shadesoul trojan has infected your computer.
If you received the email, followed the link and downloaded the file from the phishing site the email linked to, you can use this tool to detect whether your computer has been infected.
Usually we would not recommend running an .exe file directly from the internet. However, this tool checks whether three files are present on the file system. The files we search for are the following:
- %userprofile%\AppData\Local\Temp\Windows 93.exe
- %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PrivatacyCleanzer.vbs
- %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniMP Softwares.vbs
If this tool finds these files on your computer, we recommend you contact a certified service provider.
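The same check can be done by hand in PowerShell, without running a downloaded executable. This is an added example, not the RemcosDetector source; the function name `Find-RemcosFiles` and its `-AllProfiles` switch are assumptions, and the switch goes beyond the list above by checking every profile directory instead of only the current user's.

```powershell
# Added example (not RemcosDetector's code). Read-only: nothing is modified.
# Find-RemcosFiles is a hypothetical name; Get-FileHash needs PowerShell 4.0+.
function Find-RemcosFiles {
    param(
        # Assumption: all profiles share one parent directory (usually C:\Users).
        [switch]$AllProfiles
    )

    # The three paths listed above, relative to a user profile directory.
    $relativePaths = @(
        'AppData\Local\Temp\Windows 93.exe',
        'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PrivatacyCleanzer.vbs',
        'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniMP Softwares.vbs'
    )

    if ($AllProfiles) {
        $parent = Split-Path -Path $env:USERPROFILE -Parent
        $profileDirs = Get-ChildItem -LiteralPath $parent -Directory -Force -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
    } else {
        $profileDirs = @($env:USERPROFILE)
    }

    foreach ($profileDir in $profileDirs) {
        foreach ($rel in $relativePaths) {
            $path = Join-Path -Path $profileDir -ChildPath $rel
            # -LiteralPath: no wildcard expansion; -Force: also match hidden files.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($item) {
                # Hash stays empty if the file is locked by a running process.
                $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $item.FullName
                    SizeBytes = $item.Length
                    Created   = $item.CreationTime
                    Modified  = $item.LastWriteTime
                    SHA256    = $hash.Hash
                }
            }
        }
    }
}

$found = @(Find-RemcosFiles)   # add -AllProfiles from an elevated prompt
if ($found.Count -gt 0) {
    Write-Warning "Found $($found.Count) file(s) matching the listed paths."
    $found | Format-List
} else {
    Write-Output 'None of the listed files were found.'
}
```

The path, timestamps and SHA-256 printed for each match can be passed on to the service provider as they are.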
News about the phishing attack has been reported in the Icelandic media.