Aliases: No associated aliases
Windows Defender Antivirus detects and removes this threat.
This threat is distributed from spammed fake invoice email messages with a .pdf file attachment. The .pdf file attachment has a link that points to a JS file, which, when you are socially-engineered to click, downloads and executes the banking trojan. Downloading the banking trojan in your PC opens the gate for the malicious perpetrator to steal your banking information.
Learn how artificial intelligence in Windows Defender AV protects you from this threat before it even reaches your computer: How artificial intelligence stopped an Emotet outbreak
For information on defending enterprise environments from this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find hidden malware.
Use cloud protection
Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10.
Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On.
Get more help
If you’re using Windows XP, see our Windows XP end of support page.