About “Backdoor:Win32/VB.KQ” infection

The Backdoor:Win32/VB.KQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:Win32/VB.KQ virus can do?

Behavioural detection: Executable code extraction – unpacking
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor:Win32/VB.KQ?


File Info:
name: 8C759B6FE378415A8DE4.mlw
path: /opt/CAPEv2/storage/binaries/400f80e42c45598636a93a4a19851925ec48c0adfff074c489c70e26bb187be8
crc32: FCDCE5E0
md5: 8c759b6fe378415a8de45b3e1afcaea7
sha1: 4c8b6c206fc39fa822b4743fbcec277388656e63
sha256: 400f80e42c45598636a93a4a19851925ec48c0adfff074c489c70e26bb187be8
sha512: b07e90f98f37cb8f29d48d555acb8e236e7e09fefebed3c5fed196aa7fa1a45c01dd20c639d53210bf3929c1c3ad1881cf2bf1e806917e4512a837712cc38847
ssdeep: 3072:wbYRk56ja1GgLE1KGx+ybBdvsr6DC1AJWiOhybP+g7ds48z9peFtvfiGTaB2eI4K:NpMpLEAU7BBs+DC1AJWiOhybP+g7ds4Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18904EA2FF380B732E15346742D6957E054AEF93405A59C12E7C29B9A7BE5CC3AD22383
sha3_384: c807afb8e79a7bd9d1fb401333f0524229aab6b5ce59e9b9151fbc77573924c0ce89aa1d8e62d1a1b0cf7716a24447ec
ep_bytes: 6844244000e8f0ffffff000000000000
timestamp: 2010-02-15 00:31:44

Version Info:
0: [No Data]

Backdoor:Win32/VB.KQ also known as:

Bkav	W32.AIDetectMalware
DrWeb	Trojan.DownLoader6.59280
MicroWorld-eScan	Gen:Variant.Ser.Symmi.373
FireEye	Generic.mg.8c759b6fe378415a
ALYac	Gen:Variant.Ser.Symmi.373
Cylance	unsafe
VIPRE	Gen:Variant.Ser.Symmi.373
Sangfor	Suspicious.Win32.Save.vb
Alibaba	Backdoor:Win32/Reconyc.671b6a8a
Cybereason	malicious.fe3784
BitDefenderTheta	Gen:NN.ZevbaF.36348.lqW@auFETbo
VirIT	Trojan.Win32.Scar.BMZX
Cyren	W32/ABRisk.IJFW-5410
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/VB.NJJ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Reconyc.ivis
BitDefender	Gen:Variant.Ser.Symmi.373
NANO-Antivirus	Trojan.Win32.Scar.bmhjz
ViRobot	Trojan.Win32.A.Scar.188416.B
Avast	Win32:VBMod [Trj]
Tencent	Win32.Trojan.Reconyc.Umhl
Sophos	Mal/Behav-001
F-Secure	Trojan.TR/VB.Downloader.Gen
TrendMicro	TROJ_BMZX_0000000.TOMA
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.cm
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Ser.Symmi.373 (B)
Ikarus	Trojan.Win32.Scar
GData	Gen:Variant.Ser.Symmi.373
Jiangmin	Trojan/Scar.azxg
Avira	TR/VB.Downloader.Gen
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Win32.VB
Xcitium	Backdoor.Win32.Amtar.~dpr1@38823r
Arcabit	Trojan.Ser.Symmi.373
ZoneAlarm	Trojan.Win32.Reconyc.ivis
Microsoft	Backdoor:Win32/VB.KQ
Google	Detected
AhnLab-V3	Trojan/Win32.Scar.C74144
McAfee	GenericRXCM-TN!8C759B6FE378
VBA32	Trojan.VB.0458
Malwarebytes	VB.Trojan.Generic.DDS
Panda	Adware/InstantAccess
TrendMicro-HouseCall	TROJ_BMZX_0000000.TOMA
Rising	Backdoor.VB!8.32C (TFE:3:INXbvBhdSWL)
Yandex	Trojan.GenAsa!pFdYDRyofIo
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VB.NJJ!tr
AVG	Win32:VBMod [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/VB.KQ?

Backdoor:Win32/VB.KQ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X