Worm

Dropped:Win32.Worm.VB.NRV removal instruction

Malware Removal

The Dropped:Win32.Worm.VB.NRV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Dropped:Win32.Worm.VB.NRV virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to determine Dropped:Win32.Worm.VB.NRV?



File Info:

name: 8FB6BBB710B47B041C5A.mlw
path: /opt/CAPEv2/storage/binaries/6acd5c79bdbc53e0f6d2b15cb8e8249413720dbc049c33ded020ba000312f07b
crc32: E15E913F
md5: 8fb6bbb710b47b041c5af0b554f321cd
sha1: 36f8cd8ae2bacbed91cd56be7228e8ce1fd44cd6
sha256: 6acd5c79bdbc53e0f6d2b15cb8e8249413720dbc049c33ded020ba000312f07b
sha512: e44189e0fe686a8b570230ca36ec4171e8f3c6da45781c41b3b507f9bf47e955fd579235154225690111e42eec4321ee8cf81704a3302b818e16bf7bc4beb35b
ssdeep: 1536:4xdtOLa4oIqAs6Rj+VbI7YMctrFV3MPpdDXln1:4Xya4oIqlA+SYMcF3cDl1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12FA32391A213F00DE028F27D4432924DD9242CF2F911F8BE7A567DF866F51472AEB19B
sha3_384: 5363bcfe4e256741f56880798ea6d56903aa94b59bd540c744481e0314eead055e7e24069b33af469b6ee07fd4e22877
ep_bytes: 688c704000e8eeffffff000000000000
timestamp: 2006-05-13 16:09:17


Version Info:

Translation: 0x0409 0x04b0
ProductName: Microsoft® Windows® Operating System
FileVersion: 1.01
ProductVersion: 1.01
InternalName: svchostee
OriginalFilename: svchostee.exe

Dropped:Win32.Worm.VB.NRV also known as:

tehtrisGeneric.Malware
MicroWorld-eScanDropped:Win32.Worm.VB.NRV
CAT-QuickHealWorm.Flewon.S349523
ALYacDropped:Win32.Worm.VB.NRV
CylanceUnsafe
SangforVISUAL BASIC4
K7AntiVirusP2PWorm ( 000238ee1 )
AlibabaTrojan:Win32/Starter.ali2000005
K7GWP2PWorm ( 000238ee1 )
Cybereasonmalicious.710b47
BaiduWin32.Worm.VB.ji
VirITI-WORM.VB.G
CyrenW32/Worm.DCNX-7521
Elasticmalicious (high confidence)
ESET-NOD32Win32/VB.NGN
APEXMalicious
ClamAVWin.Worm.Liamo-1
KasperskyEmail-Worm.Win32.VB.cb
BitDefenderDropped:Win32.Worm.VB.NRV
NANO-AntivirusTrojan.Win32.VB.fnxibm
SUPERAntiSpywareTrojan.Agent/Gen-Falint
AvastWin32:VB-AEC [Wrm]
TencentMalware.Win32.Gencirc.10cebc07
Ad-AwareDropped:Win32.Worm.VB.NRV
EmsisoftDropped:Win32.Worm.VB.NRV (B)
ComodoWorm.Win32.VB.NGN@439p
F-SecureTrojan.TR/Spy.Vwealer.KZ.33
DrWebTrojan.PWS.Asterie
ZillyaWorm.VB.Win32.227
TrendMicroWORM_VB.DHQ
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.nm
FireEyeGeneric.mg.8fb6bbb710b47b04
SophosML/PE-A + Troj/VB-CVM
SentinelOneStatic AI – Malicious PE
GDataDropped:Win32.Worm.VB.NRV
JiangminTrojanClicker.Qihai.aq
WebrootW32.Worm.Brontok
AviraTR/Spy.Vwealer.KZ.33
ArcabitWin32.Worm.VB.NRV
ViRobotI-Worm.Win32.VB.94208.E
ZoneAlarmEmail-Worm.Win32.VB.cb
MicrosoftTrojanSpy:Win32/Vwealer
CynetMalicious (score: 99)
AhnLab-V3HEUR/Fakon.mwf.X1381
McAfeeGeneric VB.b
MAXmalware (ai score=88)
VBA32Trojan.VBS.0768
MalwarebytesWorm.Agent
TrendMicro-HouseCallWORM_VB.DHQ
RisingWorm.VBInjectEx!1.99E6 (CLASSIC)
YandexTrojan.GenAsa!Atu2opUBTNw
IkarusEmail-Worm.Win32.VB.cb
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/VB.48EB!worm
BitDefenderThetaAI:Packer.392069FC20
AVGWin32:VB-AEC [Wrm]
PandaW32/MadCoffee.A.worm
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Dropped:Win32.Worm.VB.NRV?

Dropped:Win32.Worm.VB.NRV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment