
JohnHawkes

Everything posted by JohnHawkes

  1. Hi, security specialist here. The type of malware reported in the comment is a man-in-the-middle/redirector malware, not an injection-type virus. That means it installs itself onto your system and then hijacks other programs' web traffic to spy on them. It does not infect programs like Tequila. In fact, the message posted in the screenshot says that the Tequila connection is being redirected, not that Tequila is malicious. If Trickbot IS intercepting the connection, then it means that the PC running Tequila is infected, not Tequila itself. If the machine is infected, then opening a file browser and typing in "%appdata%\roaming \modules" without the quotes will show you a directory called "injectdll32_configs". Trickbot had a number of command and control hosts that it connected to when running, and ESET may just be reacting to one of the IPs. Seeing as Trickbot is a three-year-old malware, it is possible that one of the IPs it was using back in the day has been re-used for some of the Homecoming infrastructure by the hosting company without the team knowing about it.