How to Remove the BRT Email Virus?

Trojan Horse SecurityThreat

Click to download Outbyte Avarmor, a progressive anti-malware software, optimized for Windows 10 and 11. Enhance your PC's security with our special offer. For details, refer to About Outbyte Avarmor and Uninstall Instructions. Review our End User License Agreement (EULA) and Privacy Policy for more information.

An email is a reliable communication platform that is used for both personal and business purposes. And in the online world, an email is viewed as a form of identity, with almost all platforms requiring to register with an email address. Since the majority have an email account, malware developers target email users to spread malicious programs. This has proven to be effective since masses fall for the new tricks implemented by these ill-fated developers. This is the reason why spam campaigns such as the BRT Email Virus managed to torment thousands of people.

What Is the BRT Email Virus?

The BRT Email Virus is a spam email campaign that is used to distribute the Ursnif Trojan. This campaign is conducted to attack masses by distributing thousands of emails at a go. The BRT Email Virus is designed to attack the Italian community. It is presented as a due invoice that must be paid as soon as possible to avoid penalties.

Despite looking legitimate, the email is fake and is meant to trick users into clicking or downloading the infected files attached. When the user opens the attachment, malicious macro commands are executed, initiating a chain infection of Ursnif virus.

The email text read as follows:

Subject: BRT S.P.A. – Customer code 01871770 (ID3802490)

Dear Customer,

We inform you that the following invoices are due:

Invoice Date

Number Due date Amount

756834 18.12.2020 18.01.2021 355.50

Total EUR 355.50

For payment by bank transfer BENEFICIARIO BRT S.p.A., with

specific in the description of the transfer of the following customer code 01871770,

we indicate our bank details:


BNL IT05 C010 0502 5980 0000 0011 453 BNLIITRRXXX

Monte Paschi Siena IT51 T010 3002 4020 0000 0378 047 PASCITM1BO2

Banco BPM IT27 R050 3402 4100 0000 0111 323 BAPPIT21586

Intesa Sanpaolo IT55 R030 6902 5060 7400 0000 178 BCITITMM

UniCredit IT81 R020 0805 3640 0000 1097 497 UNCRITMMORR

For any information you can contact us at the telephone number 0975511416.

We take this opportunity to send you best regards.


Pursuant to current legislation on the protection of personal data, it is specified that the information contained in this message is confidential and for the exclusive use of the recipient. If the message in question is received by mistake, please delete it without copying it and do not forward it to third parties, kindly informing us. Thanks.

This message, according to the present law, may contain confidential and / or privileged information. If you are not the addressee or authorized to receive this for the addressee, you should not use, copy, disclose or take any action based on this message or any information herein If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

The attached malicious files can be presented in several formats, which means there is no specific file type to look out for. They can be in PDF, JavaScript, MS Word, or executables. Regardless of the file type, once it has been accessed, it automatically executes the virus.

You can prevent the attack by avoiding irrelevant emails sent by unknown sources. You must also double-check the authenticity of an email. You can also avoid using peer-to-peer sharing platforms as they are notorious for spreading the virus. Unverified as well as unofficial software distribution sites should also be avoided as they can lead to virus intrusion.

Email protection is very important but many overlook it. Yes, most of the email service providers claim to detect spam emails and move them to the spam folder. This works on a light scale but it is not enough to protect you from the likes of BRT campaigns. Therefore, you must deploy reliable security measures and install a strong anti-malware software to prevent such intrusion.

How to Get Rid of the BRT Email Virus?

Once you get infected by the BRT Email Virus, you must act quickly and remove it. The virus can open backdoors for more malware entities, resulting in a slow system with many crashes and freezing moments. This virus can also corrupt system files, or cause too many processes to run in the background without your knowledge. Some of these processes may consume too much system resources which can reduce some of your computer’s hardware lifespan.

To avoid such circumstances, we have prepared a detailed guide on how to remove the BRT Email Virus. Follow the solutions precisely to achieve better results.

Solution #1: Stop Malicious Processes Running in the Background

First, you must identify unfamiliar or suspicious processes running in the background. You can do so via the Task Manager. To access Task Manager, press Ctrl + Alt + Delete simultaneously, and then select Task Manager. Under processes, identify the ones that look suspicious and are related to Ursnif virus. Once you have done that, proceed with the steps below:

  1. Download the MS program called Autoruns to identify all auto-start apps, Registry, as well as system file locations.
  2. Reboot your computer into Safe Mode by pressing the Windows key. Click on the Power option, and then hold the Shift key. Click Restart. Now, select Troubleshoot in the Choose an option window before selecting the Advanced options. Select Startup Settings and click the Restart button. Click the F5 button for the system to proceed and reboot to Safe Mode with Networking.
  3. Now, extract and run the Autoruns executable file.
  4. Once you access the Autoruns app, select Options, and then untick the boxes titled Hide Empty Locations and Hide Windows Entries. Once complete, click the Refresh button.
  5. Go through the list of programs listed by Autoruns app and identify the ones you wish to eliminate. Pay attention to the file path to avoid removing system files which can lead to system instability issues. Right-click on the suspicious program and hit the Delete button.

Once you are done, you can reboot the system into normal mode. This procedure prevents any suspicious program from running during the startup, making it effective to remove it.

Solution #2: Use Anti-Malware to Get Rid of the Virus

Now that you have stopped malicious processes, it’s time to remove the malware content from the system. The best way to do so is to use a reliable and trusted anti-malware security software. Download and install the security software program. Launch it to perform a full system scan. The process will take some time to complete. Once done, Quarantine or Remove all detected malware from the system. Reboot the computer and keep the security software running in the background.


There are many types of spam emails. Some will try to extort money from you, while others will attempt to install malware. Paying attention and doing a little bit of investigation before accessing any attachment or clicking on any links can save you a lot of trouble. Keep an eye on the source of the email, the format, grammatical errors if it claims to be from an official board, as well as random links within the text.

Give us some love and rate our post!
[Total: 0 Average: 0]
Notify of
Inline Feedbacks
View all comments