Trojan:MSIL/SchInject.VN!MTB removal instruction


The Trojan:MSIL/SchInject.VN!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete the scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/SchInject.VN!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (5 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Attempts to access Bitcoin/ALTCoin wallets
  • Collects information to fingerprint the system

Related domains:

telete.in
apps.identrust.com

How to identify Trojan:MSIL/SchInject.VN!MTB?


File Info:

crc32: 328D9D08
md5: c6f0293740a9288faf4f73d42162772d
name: rac2.exe
sha1: 112c3844cd32736768a8256d04e75a1345ae6ae1
sha256: df2688f6f88ea0e66b46d856e514adf25f8456cb4e45c849233799e17b1171e3
sha512: 970b46eb669779442819c176e4f5acb05f7271a4a0b6fe349652855408210d113a8500812d472ab2e39cc2aa116603a52b5004bcee85b22b07ea8dd730f64a94
ssdeep: 12288:Epb5aboyHGbb7LLIWHmbIq3d9k1yaj1J5LjrvXwGL:Sb5aN+symMqN9k1xhLfv
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © 2012
Assembly Version: 0.1.6.0
InternalName: eoUDJYJPUO.exe
FileVersion: 0.1.6.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: BB.Common.WinForms
ProductVersion: 0.1.6.0
FileDescription: BB.Common.WinForms
OriginalFilename: eoUDJYJPUO.exe

Trojan:MSIL/SchInject.VN!MTB also known as:

MicroWorld-eScan: Trojan.GenericKDZ.68261
FireEye: Generic.mg.c6f0293740a9288f
McAfee: Fareit-FVR!C6F0293740A9
AegisLab: Trojan.MSIL.Agensla.i!c
BitDefender: Trojan.GenericKDZ.68261
BitDefenderTheta: Gen:NN.ZemsilF.34130.Um0@amQ9STd
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/GenKryptik.ENGK
Avast: Win32:TrojanX-gen [Trj]
GData: Win32.Trojan-Stealer.Raccoon.I7GP8C
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba: TrojanPSW:MSIL/SchInject.5dc7e9ef
APEX: Malicious
Endgame: malicious (high confidence)
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKDZ.68261 (B)
Ikarus: Win32.Outbreak
MaxSecure: Trojan.Malware.300983.susgen
Avira: TR/Redcap.tzrxa
MAX: malware (ai score=80)
Microsoft: Trojan:MSIL/SchInject.VN!MTB
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen
Ad-Aware: Trojan.GenericKDZ.68261
Cylance: Unsafe
Rising: Trojan.SchInject!8.11D4A (CLOUD)
SentinelOne: DFI – Malicious PE
Fortinet: MSIL/GenKryptik.ENGK!tr
AVG: Win32:TrojanX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan:MSIL/SchInject.VN!MTB?

Trojan:MSIL/SchInject.VN!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
