Should I remove "MSIL/Injector.ERL"?

The MSIL/Injector.ERL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MSIL/Injector.ERL virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Attempts to connect to a dead IP:Port (6 unique times)
Performs some HTTP requests
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

www.bing.com

nsns7429980.ddns.net

ocsp.pki.goog

How to determine MSIL/Injector.ERL?


File Info:
crc32: A3C396FC
md5: 781965819dccb8a2997f4312ca75ef59
name: 781965819DCCB8A2997F4312CA75EF59.mlw
sha1: ebee06c60daba7678c9d02bf25789018a4ffe2e1
sha256: adcbf4ae4c9187477dccc2e66f2dc2872087de7a32a732ecfe3d604d5cc58de5
sha512: e461a7f903b8546f2cd462c02c5d531fbd7016dd7a2ab1a0fdf7b47a04fe46d7d2623208da01059359de3827686be29043b9b03ff8dc3fec3e831e25a41ee76a
ssdeep: 24576:DaqUUxUxYYUxxxcYyxIcUxyxYx+ZZXUCLxyB1ZjOYx/IYdZZx7Z3xdXZKbYYXyU:jUUxUxYYUxxxcYyxIcUxyxYx+ZZXUCL
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: microsoft corporation
Assembly Version: 1.0.0.2
InternalName: microsoft corporation.exe
FileVersion: 1.0.0.0
CompanyName: microsoft corporation
LegalTrademarks: microsoft corporation
Comments: microsoft corporation
ProductName: microsoft corporation
ProductVersion: 1.0.0.0
FileDescription: microsoft corporation
OriginalFilename: microsoft corporation.exe

MSIL/Injector.ERL also known as:

K7AntiVirus	Trojan ( 004be6171 )
Elastic	malicious (high confidence)
DrWeb	BackDoor.Comet.2020
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ransom.Samas.1
Cylance	Unsafe
Zillya	Trojan.Generic.Win32.304964
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:MSIL/Injector.7106a37f
K7GW	Trojan ( 004be6171 )
Cybereason	malicious.19dccb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.ERL
APEX	Malicious
Avast	MSIL:GenMalicious-ARE [Trj]
Kaspersky	HEUR:Trojan.MSIL.Generic
BitDefender	Gen:Variant.Ransom.Samas.1
NANO-Antivirus	Trojan.Win32.Comet.dzuyac
MicroWorld-eScan	Gen:Variant.Ransom.Samas.1
Tencent	Msil.Trojan.Generic.Agbh
Ad-Aware	Gen:Variant.Ransom.Samas.1
Sophos	ML/PE-A + Troj/MSIL-EGP
BitDefenderTheta	Gen:NN.ZemsilF.34690.!m0@a8ZRKwd
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.dz
FireEye	Generic.mg.781965819dccb8a2
Emsisoft	Gen:Variant.Ransom.Samas.1 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Dropper.Gen
eGambit	Unsafe.AI_Score_71%
Antiy-AVL	Trojan/Generic.ASMalwS.251223C
Microsoft	Trojan:Win32/Occamy.C
Arcabit	Trojan.Ransom.Samas.1
AegisLab	Trojan.MSIL.Generic.4!c
GData	Gen:Variant.Ransom.Samas.1
McAfee	Trojan-FJIS!781965819DCC
MAX	malware (ai score=99)
VBA32	Backdoor.Comet
Malwarebytes	Spyware.PasswordStealer
Panda	Trj/CI.A
Rising	Dropper.Generic!8.35E (CLOUD)
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Generic.AP.188AB0C!tr
AVG	MSIL:GenMalicious-ARE [Trj]
Paloalto	generic.ml

How to remove MSIL/Injector.ERL?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “MSIL/Injector.ERL”?