"Scotiabank Email Virus" removal guide
What is "Scotiabank Email Virus"?
"Scotiabank Email Virus" is a scam that is proliferated using spam campaigns. The main goal of scammers behind this scam is to infect computers with a high-risk computer infection - the TrickBot trojan virus. To achieve this, they attempt to trick "Scotiabank Email Virus" email recipients to open the included attachment. Generally, opening malicious attachments (or web links) presented in emails of this type results in download and installation of various malicious programs. We advise you to ignore this and other similar emails. Never trust these bogus email messages.
Scammers behind this email claim to be representatives of Scotiabank, a commercial banking company. They present this email as an alert regarding a mismatch between a wired funds transfer and an associated account. They state that they received an incoming wire of CAD $18,324.67 from a company called NetSystems TECHNOLOGY UK. The message states that the sender supposedly failed to provide a correct CAD account number. Scammers encourage recipients of this email to check the details provided in the attachment Excel document ("190122S6909500.xlsm" file). As mentioned above, the attachment presented in this email is malicious. If opened, it will ask to enable macros commands. Enabling them causes download and installation of the aforementioned TrickBot malicious program. This program is categorized as a trojan-type malware that steals people's private details/information. It usually targets logins, passwords of cryptocurrency wallets, bank accounts, and other personal accounts. Generally, having a computer infected with this malicious program can lead to serious problems (including financial loss), however, newer versions of this program are capable of locking the computer screen, hijacking various applications, recording browsing-related information, etc. To avoid these problems, be careful with emails of this type and do not open presented attachments or web links.
TrickBot is not the only high-risk computer infection that is proliferated using spam campaigns. Computers might be infected through many other malicious programs such as Adwind, LokiBot, Emotet, etc. Many spam campaigns are used to spread these infections. Examples of email scams similar to "Scotiabank Email Virus" include "Verizon Email Virus", "Unicredit Bank Email Virus", and "Love Letter". Typically, cyber criminals use these campaigns to infect computers with malware, which is usually designed to steal data that can be used to generate revenue (thus causing financial loss for the victims).
How did "Scotiabank Email Virus" infect my computer?
Cyber criminals can cause damage using the "Scotiabank Email Virus" scam only if its recipients open the presented Microsoft Excel document and enable macros commands. Once this is done, computers are infected with the aforementioned TrickBot malicious program. Note that newer MS Office versions (later than 2010) can prevent computers from being infected by malicious attachments. Earlier versions do not include 'Protected View Mode'. Malicious MS Office documents are often used for these dubious purposes, however, other files can also be used to cause such computer infections. Note that none of these spam campaigns can harm systems without first opening the presented attachment (or website link that leads to it).
How to avoid installation of malware?
To keep your computer safe from TrickBot and many other computer infections, take precautions when dealing with received emails that seem suspicious or irrelevant. If such an email contains an attachment (or website link), we strongly recommend that you ignore it. Many scammers hide behind the names of popular companies, however, do not be fooled - these emails can never be trusted. Download, install and update all software using official tools or sources. Third party software download/install tools, peer-to-peer networks (P2P), and other such tools are used by cyber criminals who employ them to proliferate computer infections. Avoid software cracking tools, since it is illegal to use them. Furthermore, cyber criminals often use them to cause installation of malicious programs. Finally, have a reputable anti-virus or anti-spyware program installed and ensure that it is enabled at all times. Programs of this type usually detect threats (infections) before they can harm operating systems. If you have already opened a "Scotiabank Email Virus" attachment, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.
Text presented in the "Scotiabank Email Virus" email message:
Subject: ALERT – BB Wire: Extra Due Diligence* RE: Incoming Wire Name and Account Mismatch
We received an incoming wire in CAD $18,324.67 from NetSystems TECHNOLOGY UK. The sender has provided an incorrect CAD account number, please see details attached.
Can you kindly advise if the funds needs to be credited to your CAD account?
Wire ID : 190122S6909500
Sending Customer Name: NetSystems TECHNOLOGY UK
Beneficiary Transit Number: 1020
Beneficiary Account Number:742475 ???
Currency and Amount: CAD 18,324.67
Penny Tam | Corporate Cash Management Officer | ScotiaBank
Plaza 44 King Street | West Toronto | Ontario M5H 1H1
T: 416-982-6132 | F: 416-944-5891 | Toll Free 1-844-228-3458
Malicious attachment distributed via "Scotiabank Email Virus" spam campaign:
Instant automatic removal of TrickBot virus:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of TrickBot virus. Download it by clicking the button below:
- What is "Scotiabank Email Virus"?
- STEP 1. Manual removal of TrickBot malware.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.