
Adware.VRBrothers removal tips

Adware.VRBrothers is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.VRBrothers virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Installs a hook procedure to monitor for mouse events
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:


How to identify Adware.VRBrothers?


File Info:

crc32: F2170284
md5: 50064c7837d89a0ee568214116452913
name: 1575351315145.exe
sha1: f3f2d8ff3277e7c6244f5983c7d05fada4bc2abd
sha256: 2c56af3e455bfdfb047ef5b6e03f53a857963b016ad90561165e12b1a424113f
sha512: ac7759af85683725a658e405f1db216951fb9064e5e0b6923b3ca4cca48582e9912a92757112a1798aeaf8693bad6fce8d5f538c57890876e05a587bc5cb80af
ssdeep: 98304:T5LlG4O5F0toGeAMzb3kaS+TDoTWAsXR76fzCJewUYMRSLWCULNlA9Exh:T5a0LiAsB769wrZyCeK9En
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) vrBrothers Corporation. All rights reserved.
InternalName: MyMacro
FileVersion: 9, 6, 0, 12177
CompanyName: vrBrothers Corporation.
PrivateBuild:
LegalTrademarks:
Comments: QMacro's macro runner.
ProductName: QMacro
SpecialBuild:
ProductVersion: 9, 6, 0, 12177
FileDescription: QMacro's macro runner.
OriginalFilename: mymacro.exe
Translation: 0x0804 0x04b0

Adware.VRBrothers also known as:

Bkav HW32.Packed.
FireEye Generic.mg.50064c7837d89a0e
CAT-QuickHeal Program.Unwaders
Malwarebytes Adware.VRBrothers
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Adware ( 004dc08e1 )
K7GW Adware ( 004dc08e1 )
Cybereason malicious.f3277e
TrendMicro TROJ_GEN.R002C0PJD19
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Adware-gen [Adw]
ClamAV Win.Trojan.11212536-1
GData Win32.Adware.VrBrothers.C
Kaspersky Trojan.Win32.Nimnul.zdi
NANO-Antivirus Trojan.Win32.KeyLogger.fzasqj
ViRobot Adware.Vrbrothers.6279598
AegisLab Trojan.Win32.Nimnul.4!c
Rising Trojan.Wacatac!8.10C01 (CLOUD)
Emsisoft Application.Generic (A)
DrWeb Trojan.KeyLogger.24670
Zillya Tool.ShouQu.Win32.398
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Pate.tc
Trapmine suspicious.low.ml.score
Sophos VR Brothers (PUA)
Ikarus Trojan.SuspectCRC
Cyren W32/Adware.SUMP-3726
Webroot W32.Backdoor.Gen
Antiy-AVL Trojan/Win32.Benban
Endgame malicious (high confidence)
ZoneAlarm Trojan.Win32.Nimnul.zdi
Microsoft Trojan:Win32/Wacatac.A!ml
Acronis suspicious
McAfee PUP-XAB-FP
VBA32 Trojan.Keyloggerger
Cylance Unsafe
Panda Generic Suspicious
ESET-NOD32 a variant of Win32/Adware.VrBrothers.AF potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002C0PJD19
Tencent Win32.Trojan.Nimnul.Sqti
Yandex PUA.VrBrothers!
SentinelOne DFI – Malicious PE
Fortinet W32/VR_Brothers.AF
AVG Win32:Adware-gen [Adw]
CrowdStrike win/malicious_confidence_90% (D)

How to remove Adware.VRBrothers?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
