Court documents released by the FBI and the US Department of Justice (DoJ) show that activity on the Coreflood botnet is down by 90 per cent in the US following last month's shutdown.
Five command-and-control servers in the US were seized by law enforcement in a co-ordinated action, and replaced with new systems which ordered infected PCs to shut down the malware they were running.
At the same time, Estonian police took similar action with servers based within their borders.
The newly released DoJ court documents (PDF) state that the servers were receiving around 800,000 messages a day from infected computers when they were seized on 13 April. Nine days later this had dropped to under 100,000, and the number is still falling steadily.
Coreflood activity is down 90 per cent in the US, and 75 per cent in the rest of the world, which law enforcement attributes to the botnet's being unable to contact people outside the US or command-and-control servers overseas.
"The reduction in the size of the Coreflood botnet was attributed to two factors. First, because Coreflood was no longer running, it was no longer able to update itself and avoid detection by anti-virus software," said the DoJ.
"Second, the FBI, with the assistance of internet service providers, has made significant efforts to identify and notify the victims of Coreflood, who in turn have taken measures to remove Coreflood from thousands of infected computers."
Those infected with the malware are being notified and instructed on how to clean their systems, the DoJ said. In one case a hospital network had around 2,000 of its 14,000 computers infected.
However, the DoJ also said that it will soon reconfigure the command-and-control servers to delete the malware automatically, so long as the owner of the system has given permission.
"The government respectfully advises the court that the substitute server, or another similar server, will be configured to respond to command-and-control requests from infected computers by issuing instructions for Coreflood to uninstall itself, but only as to infected computers of identifiable victims who have provided written consent to do so," the filing reads.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally