I started up my desktop today, to be notified by ESET NOD32 Antivirus 8 (legitimate paid version) that I have a trojan. Doing a smart scan did not remove it.
I also found this topic on the matter on this very forum: http://www.bleepingcomputer.com/forums/t/579945/infected-with-a-variant-of-msilinjectoryt-trojan/
It seems that particular user also only recently has gotten this malware.
The start post's date is June 19th 2015. Also, check ESET Virus Radar: http://www.virusradar.com/en/MSIL_Injector.YT/chart/history
It's trending worldwide!
Is this normal behaviour, that trend?
edit1: Here another report in Swedish: http://www.sweclockers.com/forum/trad/1374364-msil-injector-yt-trojan
Note the date of the start post: June 20th 2015.
Wtf is going on, widespread infection?! Also ran the latest updated Malwarebytes Anti-Malware Home. It did not detect anything.
For the time being I removed the ethernet cable of said desktop.
But I will try Kaspersky TDSSKiller and others later today.
Edit: will first try http://kb.eset.com/esetkb/index?page=content&id=SOLN2505
edit3: I now enabled the free trial for the Premium version of Malwarebytes Anti-Malware. (Had to connect very shortly to the internet to enable it.)
Since the Premium version provides real-time protection, I hope the software will show some popups eventually about this malware.
Update: no popups from Malwarebytes Anti-Malware Premium so far.
edit4: Very bad showing from ESET NOD32!
Even though on start-up there are 3 popups telling me there is a trojan in memory, the actual user interface of ESET doesn't show any issues! It says "Maximum protection" with a green "OK sign".
Only when I go in the log files from within the user interface, I can see red lines stating the malware.
edit5: The Swedish article states the HOSTS file could be modified by the trojan.
However, I checked mine at %SystemRoot%\System32\drivers\etc\hosts and there are no modifications.
edit6: This Russian NOD32 support forum also talks about the trojan: http://forum.esetnod32.ru/forum6/topic12104/
First post from June 9th 2015.
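
The hosts-file check mentioned under edit5 can be done mechanically rather than by eye. The following is an added example, not part of the original post: it lists every active hosts entry other than a localhost name mapped to loopback. The function names, the allow-list of localhost names and the sample content are assumptions constructed for illustration.

```python
import ipaddress
import os

LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # assumed allow-list

# Constructed sample, not taken from the poster's machine.
SAMPLE = """\
# default entries ship commented out
#   127.0.0.1   localhost
127.0.0.1   localhost
::1         localhost
203.0.113.7 update.example.com www.example.com  # constructed entry
0.0.0.0     av-vendor.example
not-an-ip   foo.example
"""

def active_entries(text):
    """Yield (line_no, address, hostnames) for each non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()
        if line:
            address, *names = line.split()
            yield no, address, [n.lower() for n in names]

def suspicious_entries(text):
    """Return every active entry other than localhost -> loopback."""
    findings = []
    for no, address, names in active_entries(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((no, address, names, "malformed address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        extra = [n for n in names if n not in LOCAL_NAMES]
        if extra:
            reason = "blocked locally" if local else "redirected"
            findings.append((no, address, extra, reason))
        elif not ip.is_loopback:
            findings.append((no, address, names, "localhost off loopback"))
    return findings

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in suspicious_entries(fh.read()):
            print(finding)
```

An empty result means the file contains only comments and localhost mappings; any listed entry deserves a look, since legitimate software such as ad blockers also adds hosts entries.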