Mal/FareitVB-I malicious file

Mal/FareitVB-I is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/FareitVB-I virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Creates a hidden or system file
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
plugcoinmask.com

How to identify Mal/FareitVB-I?

File Info:

crc32: F23CFF42
md5: 64c5bf21111d1077ae07666f019a567d
name: 64C5BF21111D1077AE07666F019A567D.mlw
sha1: f4afa37672fbcf9f2b84aaf44635451840028722
sha256: 2e74805dd357876139dcbfa7eb82581e389b10a0593a34833b562c92ec5293f7
sha512: 82f33f81846971d4e0d0b7efd607721575188e048b61dc7970ed9f850ddd4d4c6da1356e33f0c6db1097de6c3ae5adafb0c120fbd860c3b095aa466ae5996c4f
ssdeep: 3072:guXWjsXDmgFg5MsFXHnr9Nm+rRXIy3GLQ7KoQi/iwagAEmvn8cE+:vWoXDhFgOSJfRBXrvu
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: AsusAsusAsusAsusAsus
InternalName: Crediting3
FileVersion: 4.08.0002
CompanyName: Epson Epson
LegalTrademarks: AsusAsusAsusAsusAsus
ProductName: AsusAsusAsusAsusAsus
ProductVersion: 4.08.0002
FileDescription: AsusAsusAsusAsusAsus
OriginalFilename: Crediting3.exe

Mal/FareitVB-I is also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.zm0@cmNRVihi
FireEye: Generic.mg.64c5bf21111d1077
McAfee: Fareit-FHA!64C5BF21111D
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Gen:Heur.PonyStealer.zm0@cmNRVihi
K7GW: Trojan ( 00502e161 )
K7AntiVirus: Trojan ( 00502e161 )
TrendMicro: TrojanSpy.Win32.LOKI.SM.hp
BitDefenderTheta: Gen:NN.ZevbaF.34634.zm0@amNRVihi
Cyren: W32/VBInject.HV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Fareit-9782278-0
Kaspersky: Trojan-PSW.Win32.Fareit.fewu
Alibaba: TrojanPSW:Win32/Fareit.be4cada0
NANO-Antivirus: Trojan.Win32.Kryptik.ekwydp
Tencent: Malware.Win32.Gencirc.10ce161d
Ad-Aware: Gen:Heur.PonyStealer.zm0@cmNRVihi
Emsisoft: Gen:Heur.PonyStealer.zm0@cmNRVihi (B)
Comodo: Malware@#1jlamrfd7kdtq
F-Secure: Heuristic.HEUR/AGEN.1121806
Zillya: Trojan.GenKryptik.Win32.3450
Invincea: ML/PE-A + Mal/FareitVB-I
McAfee-GW-Edition: Fareit-FHA!64C5BF21111D
Sophos: Mal/FareitVB-I
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan.PSW.Fareit.adrv
Avira: HEUR/AGEN.1121806
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Injector
Microsoft: Trojan:Win32/Ymacco.AA36
Gridinsoft: Trojan.Win32.Downloader.oa
Arcabit: Trojan.PonyStealer.E7B8F0
ZoneAlarm: Trojan-PSW.Win32.Fareit.fewu
GData: Gen:Heur.PonyStealer.zm0@cmNRVihi
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
VBA32: Trojan.Wacatac
ALYac: Gen:Heur.PonyStealer.zm0@cmNRVihi
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Injector.DNSL
TrendMicro-HouseCall: TrojanSpy.Win32.LOKI.SM.hp
Rising: Trojan.Injector!8.C4 (TFE:5:DuehBpHJT6Q)
Yandex: Trojan.GenAsa!om3gqy959bw
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/DNSL.I!tr
AVG: Win32:Malware-gen
Cybereason: malicious.1111d1
Qihoo-360: Win32/Trojan.PSW.b6d

How to remove Mal/FareitVB-I?

Mal/FareitVB-I removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
