Microsoft security software detects and removes this family of threats.

This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.

Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread though malicious links and hacked websites.

See the MSIL/Bladabindi family entry for more information about this malware.

Find out ways that malware can get on your PC.

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Protect your sensitive information

This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:

You should change your passwords after you've removed this threat:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

See the MSIL/Bladabindi family entry for more information about this malware.


Alert level: Severe
First detected by definition: 1.141.3048.0
Latest detected by definition: 1.211.1023.0 and higher
First detected on: Jan 03, 2013
This entry was first published on: Jan 03, 2013
This entry was updated on: Sep 21, 2015

This threat is also detected as:
  • Trojan.MSIL.Disfa.bsto (Kaspersky)
  • winpe/Troj_Generic.OEKLP (Norman)
  • Generic34.AXLL (AVG)
  • TR/MSILKrypt.6.258 (Avira)
  • Gen:Variant.MSILKrypt.6 (BitDefender)
  • Win32.HLLW.Autoruner.25074 (Dr.Web)
  • MSIL/Injector.BOX trojan (ESET)
  • MSIL/Injector.PEW!tr (Fortinet)