What is “Win32/AutoRun.VB.AKB”?

Win32/AutoRun.VB.AKB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/AutoRun.VB.AKB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/AutoRun.VB.AKB?


File Info:

name: 28F8BBA8FE3BDA8B31B6.mlw
path: /opt/CAPEv2/storage/binaries/980de18abed623ac28e8a81f667804e9cce1d9f5fb30991b98cd1ec34dd4e1f6
crc32: 7633F2A0
md5: 28f8bba8fe3bda8b31b61c7d8258ec04
sha1: 33c7401738a83254d8c3e127a4ff6f0496bc2fb4
sha256: 980de18abed623ac28e8a81f667804e9cce1d9f5fb30991b98cd1ec34dd4e1f6
sha512: 6949aeb89b9486681bfb95144f733898165b394112718734f5f4e5df63c46661078b6455805683b5f39f37c9445e3ee766d4b07179b1810a5e091f4e8702a15b
ssdeep: 3072:DTBEfG70Er+6dTkon7E1v26H53sW7Jq28f3/MdYvQd2a:DnaQn7o2AB7E3/da
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16504D73A7390E67ED01687F5292A47908029BC7429E1D903F7C63B1EB6F1EA7D625703
sha3_384: 188d1e9f37fdc57ce48c8e0fb6af788e882ceb50b1a773f1003b692492af36a0187261fffe11d9f90f39fee4bf08b118
ep_bytes: 68303a4000e8eeffffff000048000000
timestamp: 2011-08-18 14:31:31

Version Info:

Translation: 0x0409 0x04b0
ProductName: penis
FileVersion: 1.00
ProductVersion: 1.00
InternalName: eTaGCNjMFn
OriginalFilename: eTaGCNjMFn.exe

Win32/AutoRun.VB.AKB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.VB.lqnM
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Hematite.C
ClamAV: Win.Trojan.VB-1692
FireEye: Generic.mg.28f8bba8fe3bda8b
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Win32.Hematite.C
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2ff6e1.None
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.42B65DA120
VirIT: Trojan.Win32.VBKrypt.FRIK
Cyren: W32/VB.BZ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.VB.AKB
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.bgn
BitDefender: Win32.Hematite.C
NANO-Antivirus: Trojan.Win32.VBKrypt.covjxg
Avast: Win32:VB-XMG [Trj]
Tencent: Worm.Win32.Luder.zb
Emsisoft: Win32.Hematite.C (B)
Baidu: Win32.Worm.Pronny.d
F-Secure: Trojan.TR/Spy.151552.JH.1
DrWeb: Trojan.VbCrypt.60
VIPRE: Win32.Hematite.C
TrendMicro: Mal_VBNA-7
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Trapmine: malicious.moderate.ml.score
Sophos: Mal/SillyFDC-P
Ikarus: Worm.Gamarue
GData: Win32.Trojan.PSE.6FIT59
Jiangmin: RiskTool.StartPage.km
Avira: TR/Spy.151552.JH.1
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.Pronny.AD@4omzqe
Arcabit: Win32.Hematite.C
ViRobot: Trojan.Win32.A.VBKrypt.151552
ZoneAlarm: Worm.Win32.WBNA.bgn
Microsoft: Trojan:Win32/Upatre
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R373450
Acronis: suspicious
McAfee: VBObfus.g
MAX: malware (ai score=85)
VBA32: Trojan.VBRA.019889
Malwarebytes: Generic.Malware.AI.DDS
Panda: Generic Malware
TrendMicro-HouseCall: Mal_VBNA-7
Rising: Trojan.Win32.VBCode.fnr (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.G!tr
AVG: Win32:VB-XMG [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/AutoRun.VB.AKB?

Win32/AutoRun.VB.AKB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
