Categories: Backdoor

How to remove “Backdoor.VB.Agent.PH”?

The Backdoor.VB.Agent.PH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.VB.Agent.PH virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Reads data out of its own binary image
A process created a hidden window
Unconventionial language used in binary resources: Arabic
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a slightly modified copy of itself
Anomalous binary characteristics

How to determine Backdoor.VB.Agent.PH?


File Info:
crc32: F45BA4ABmd5: b6e2d459565b0c75bc5c68444398e1bename: B6E2D459565B0C75BC5C68444398E1BE.mlwsha1: 3f57e718d004c014b9f148c85bc5c8f10f40043bsha256: ca618f0b929d26738b2444c467509c8b911ce04eb3311c387785d0427e7b7626sha512: c34272ab0d9a9ec786e703bcfc64293d371248971445933d23a29e5a94d3e58242b5b73ff37ae66854980e3b54d79da7951e5bd00aceaaca50090670b4f52e4dssdeep: 3072:oq4XVH1NXy0KFP03US7yC5Jdt6r3OJFkXkfLLwInfjfCFcwD1Yo2Emo+poFs:oqwVU0KVZCnL6r3OJScLwCc1GLpoFstype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: AnsFileVersion: 44.05.0047CompanyName: Alida Devina CharmainComments: Harpal Desire AdelaideProductName: Gloriana DawnaProductVersion: 44.05.0047FileDescription: ChinFui DeeAnn DebadeepOriginalFilename: Ans.exe

Backdoor.VB.Agent.PH also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Riskware ( 0015e4f11 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Panda.1533
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanRansom.Blocker
McAfee	PWSZbot-FBSY!B6E2D459565B
Cylance	Unsafe
Zillya	Trojan.Jorik.Win32.160926
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Riskware ( 0015e4f11 )
Cybereason	malicious.9565b0
Cyren	W32/PWS.BMLR-5367
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Zbot.YW
Zoner	Trojan.Win32.10563
APEX	Malicious
Avast	Win32:Spyware-gen [Spy]
ClamAV	Win.Spyware.Zbot-69296
Kaspersky	Trojan-Ransom.Win32.Blocker.hcdj
BitDefender	Backdoor.VB.Agent.PH
NANO-Antivirus	Trojan.Win32.Blocker.iqjoaw
MicroWorld-eScan	Backdoor.VB.Agent.PH
Ad-Aware	Backdoor.VB.Agent.PH
Sophos	ML/PE-A + Troj/Zbot-CWA
BitDefenderTheta	Gen:NN.ZevbaF.34688.om1@amyuxPaO
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_VBKRYPT.BEZ
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.dc
FireEye	Generic.mg.b6e2d459565b0c75
Emsisoft	Backdoor.VB.Agent.PH (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Blocker.ojf
Webroot	W32.Trojan.Gen
Avira	TR/Kazy.94276
Microsoft	PWS:Win32/Zbot
GData	Backdoor.VB.Agent.PH
AhnLab-V3	Dropper/Win32.Injector.R33942
Acronis	suspicious
VBA32	TScope.Trojan.VB
MAX	malware (ai score=88)
Malwarebytes	MachineLearning/Anomalous.94%
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_VBKRYPT.BEZ
Rising	Malware.Zbot!8.E95E (TFE:4:OT31PfwhS1H)
Yandex	TrojanSpy.Zbot!cCOqBYeFHsk
Ikarus	Trojan.Win32.Pakes
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VBKrypt.SXA!tr
AVG	Win32:Spyware-gen [Spy]