On Wednesday 14 March 2012 the Dutch news site nu.nl was infected with a complicated infection discovered by SurfRight and Fox-IT. See Dutch news site nu[dot]nl infected [14 March 2012] and Fox-IT weblog (I have been in contact in private with some of the kind Eset folks about it.) The SmokeLoader Trojan was added as Win32/Kryptik.ACPZ in defs 6969. It wasn't clear to me whether the Mebroot bootkit can be detected and cleaned by the Eset standalone Mebroot cleaner. See http://kb.eset.com/esetkb/index?page=content&id=SOLN2372 That standalone Mebroot cleaner tool is from 28 Sept 2010. See also https://www.wilderssecurity.com/showpost.php?p=2031233&postcount=19 edited to add: Could Eset inform us please whether NOD32 and/or the standalone Mebroot cleaner tool can detect and clean this particular infection? I am aware that Eset might need a sample, maybe from Fox-IT or from SurfRight (see again here ).