Adware.VRBrothers removal tips

Adware.VRBrothers is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware.VRBrothers virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Installs a hook procedure to monitor for mouse events
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:


How to identify Adware.VRBrothers?

File Info:

crc32: F2170284
md5: 50064c7837d89a0ee568214116452913
name: 1575351315145.exe
sha1: f3f2d8ff3277e7c6244f5983c7d05fada4bc2abd
sha256: 2c56af3e455bfdfb047ef5b6e03f53a857963b016ad90561165e12b1a424113f
sha512: ac7759af85683725a658e405f1db216951fb9064e5e0b6923b3ca4cca48582e9912a92757112a1798aeaf8693bad6fce8d5f538c57890876e05a587bc5cb80af
ssdeep: 98304:T5LlG4O5F0toGeAMzb3kaS+TDoTWAsXR76fzCJewUYMRSLWCULNlA9Exh:T5a0LiAsB769wrZyCeK9En
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) vrBrothers Corporation. All rights reserved.
InternalName: MyMacro
FileVersion: 9, 6, 0, 12177
CompanyName: vrBrothers Corporation.
PrivateBuild:
LegalTrademarks:
Comments: QMacro's macro runner.
ProductName: QMacro
SpecialBuild:
ProductVersion: 9, 6, 0, 12177
FileDescription: QMacro's macro runner.
OriginalFilename: mymacro.exe
Translation: 0x0804 0x04b0

Adware.VRBrothers is also known as:

Bkav: HW32.Packed.
FireEye: Generic.mg.50064c7837d89a0e
CAT-QuickHeal: Program.Unwaders
Malwarebytes: Adware.VRBrothers
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Adware ( 004dc08e1 )
K7GW: Adware ( 004dc08e1 )
Cybereason: malicious.f3277e
TrendMicro: TROJ_GEN.R002C0PJD19
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Adware-gen [Adw]
ClamAV: Win.Trojan.11212536-1
GData: Win32.Adware.VrBrothers.C
Kaspersky: Trojan.Win32.Nimnul.zdi
NANO-Antivirus: Trojan.Win32.KeyLogger.fzasqj
ViRobot: Adware.Vrbrothers.6279598
AegisLab: Trojan.Win32.Nimnul.4!c
Rising: Trojan.Wacatac!8.10C01 (CLOUD)
Emsisoft: Application.Generic (A)
DrWeb: Trojan.KeyLogger.24670
Zillya: Tool.ShouQu.Win32.398
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Pate.tc
Trapmine: suspicious.low.ml.score
Sophos: VR Brothers (PUA)
Ikarus: Trojan.SuspectCRC
Cyren: W32/Adware.SUMP-3726
Webroot: W32.Backdoor.Gen
Antiy-AVL: Trojan/Win32.Benban
Endgame: malicious (high confidence)
ZoneAlarm: Trojan.Win32.Nimnul.zdi
Microsoft: Trojan:Win32/Wacatac.A!ml
Acronis: suspicious
McAfee: PUP-XAB-FP
VBA32: Trojan.Keyloggerger
Cylance: Unsafe
Panda: Generic Suspicious
ESET-NOD32: a variant of Win32/Adware.VrBrothers.AF potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002C0PJD19
Tencent: Win32.Trojan.Nimnul.Sqti
Yandex: PUA.VrBrothers!
SentinelOne: DFI – Malicious PE
Fortinet: W32/VR_Brothers.AF
AVG: Win32:Adware-gen [Adw]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Adware.VRBrothers?

Adware.VRBrothers removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
