
About “Troj/VB-FZQ” infection


Troj/VB-FZQ is the Sophos detection name for a sample that a large number of security vendors classify as malicious; most of them file it under the Vobfus/Changeup/Pronny worm family (see the alias list below). When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/VB-FZQ virus do?

The behaviours below are the CAPE sandbox signatures that fired when this sample was run:

  • Behavioural detection: executable code extraction (unpacking)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: injection (inter-process)
  • Attempts to disable Windows Automatic Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings so that hidden files are not displayed
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
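Two of the behaviours above leave registry artefacts an analyst can check on a suspect host: Explorer being told to hide hidden and protected system files, and Automatic Updates being switched off. The script below is an added example, not part of the original page or of any vendor tool. It parses the text that `reg query` prints (a constructed sample of that output is embedded; it is not captured from a real infection) and reports values that match those two indicators. The key and value names are the documented Windows locations for these settings; which exact values this sample writes is an assumption.

```python
"""Triage check for two behaviours CAPE flagged on this sample (added example)."""
import os
import re
import subprocess

# Documented Windows registry locations for the two settings.
EXPLORER_ADV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
AUTO_UPDATE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"

# Hidden: 1 = show hidden files, 2 = do not show. ShowSuperHidden: 1 = show protected OS files.
# AUOptions: 1 = Automatic Updates disabled. NoAutoUpdate: 1 = disabled.
# Which of these the sample actually writes is an assumption; all four are worth checking.
CHECKS = {
    (EXPLORER_ADV, "Hidden"): (lambda v: v == 2, "Explorer set to hide hidden files"),
    (EXPLORER_ADV, "ShowSuperHidden"): (lambda v: v == 0, "Explorer set to hide protected system files"),
    (AUTO_UPDATE, "AUOptions"): (lambda v: v == 1, "Automatic Updates disabled (AUOptions=1)"),
    (AUTO_UPDATE, "NoAutoUpdate"): (lambda v: v == 1, "Automatic Updates disabled (NoAutoUpdate=1)"),
}

# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
_VALUE_RE = re.compile(r"^\s{4}(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")


def parse_reg_query(text):
    """Parse `reg query` output into {(key, value_name): data}.

    Lines starting at column 0 are key paths; indented lines are values.
    REG_DWORD/REG_QWORD data is printed as 0x-prefixed hex and is converted to int.
    """
    values = {}
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name, vtype, data = m.groups()
        if vtype in ("REG_DWORD", "REG_QWORD"):
            data = int(data, 16)
        values[(key, name)] = data
    return values


def find_indicators(values):
    """Return human-readable findings for every value that matches a CHECKS predicate."""
    findings = []
    for (key, name), (is_bad, msg) in CHECKS.items():
        data = values.get((key, name))
        if data is not None and is_bad(data):
            findings.append(f"{msg}: {key}\\{name} = {data}")
    return findings


def query_live(key):
    """Run `reg query` on Windows; return '' elsewhere so the script stays runnable."""
    if os.name != "nt":
        return ""
    proc = subprocess.run(["reg", "query", key], capture_output=True, text=True)
    return proc.stdout


# Constructed sample of `reg query` output for an infected host (not real captured data).
SAMPLE_OUTPUT = """
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced
    Hidden    REG_DWORD    0x2
    ShowSuperHidden    REG_DWORD    0x0
    HideFileExt    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update
    AUOptions    REG_DWORD    0x1
"""

if __name__ == "__main__":
    live = query_live(EXPLORER_ADV) + "\n" + query_live(AUTO_UPDATE)
    for finding in find_indicators(parse_reg_query(live.strip() or SAMPLE_OUTPUT)):
        print(finding)
```

On a Windows host the script queries the two keys directly; anywhere else it falls back to the constructed sample so the parsing and matching logic can be exercised. A clean machine normally has Hidden=1 or 2 depending on user preference, so treat the Explorer findings as corroborating evidence alongside the file hashes rather than proof on their own; the Automatic Updates value is the stronger signal.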

How to identify Troj/VB-FZQ?


File Info:

name: 4E16E30A7F8EC8385D0B.mlw
path: /opt/CAPEv2/storage/binaries/b12136d8c1b62dc5d20f0cdb759a9fe2d6e13a66cf88b0a84af21985fbdfbb12
crc32: EB6E93E9
md5: 4e16e30a7f8ec8385d0b9a8a4fbd006e
sha1: 8da407d0ed8da2767669c46899b2d8ed765c68c3
sha256: b12136d8c1b62dc5d20f0cdb759a9fe2d6e13a66cf88b0a84af21985fbdfbb12
sha512: 6b4569d130e071c582dac6ed320ccbfe834b7e123f1e9cc7c9cf1cb37f1907a11b0bbf17e8c0f2eba90bcdf8b95066101832920e0c022990f8c177e57cc17afe
ssdeep: 1536:jJJ1V0Ic58CCbVVh1oI7HBbN4432N4Y639e2DTK3FrkDas6C6NXyEUTPmNh6AldQ:sIiEbVVX9hh443S16BDaO+ZODE3ldN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10DF3711973D0F739D425C6F57D2A83A0A83ABD3509E16C13F3D16B2976B1DA3A225323
sha3_384: 79831fa24cf663522c0bf25544338287abd59a8d719ecbea00d88b11ca10f58ace92ccb6034ae4d312a2c60b1b6b7cf8
ep_bytes: 6814394000e8eeffffff000000000000
timestamp: 2012-07-05 07:39:35
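The digests in the File Info block are the most reliable way to confirm that a file on disk is this exact sample. The script below is an added example, not part of the original page or of GridinSoft's tooling: it computes the same six digests the page lists for every file under a directory and reports any that match a known-bad set. The md5, sha1 and sha256 values in the set are taken from the File Info block above; the scan directory and the temporary test data used in the checks are assumptions.

```python
"""Hash-based IOC sweep for the sample described on this page (added example)."""
import hashlib
import os
import zlib

# Digests copied from the File Info block of this page.
KNOWN_BAD = {
    "md5": {"4e16e30a7f8ec8385d0b9a8a4fbd006e"},
    "sha1": {"8da407d0ed8da2767669c46899b2d8ed765c68c3"},
    "sha256": {"b12136d8c1b62dc5d20f0cdb759a9fe2d6e13a66cf88b0a84af21985fbdfbb12"},
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def digests_of(data):
    """Return the digests the page lists, in the page's own formatting (crc32 upper-case hex)."""
    out = {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return out


def hash_file(path, chunk=1 << 20):
    """Stream a file through all hashers so large binaries never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return out


def match_iocs(digests, known_bad=KNOWN_BAD):
    """Return the sorted list of algorithms whose digest is in the known-bad set (empty = clean)."""
    return sorted(algo for algo, bad in known_bad.items() if digests.get(algo) in bad)


def scan_dir(root, known_bad=KNOWN_BAD):
    """Walk root and return {path: matched_algorithms} for every file that matches."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), known_bad)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    import sys
    # Assumed usage: python ioc_sweep.py <directory>; defaults to the current directory.
    for path, algos in scan_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: matches known-bad {', '.join(algos)}")
```

Matching on sha256 alone is enough to confirm this sample; md5 and sha1 are included only because older threat feeds still key on them. A repacked or recompiled variant will produce different hashes, which is why the vendor aliases further down (Vobfus, Changeup, Pronny, WBNA) matter for recognising related files that this sweep will not catch.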

Version Info:

Translation: 0x0409 0x04b0
Comments: vestissero
CompanyName: vestissero
FileDescription: vestissero
LegalCopyright: vestissero
LegalTrademarks: vestissero
ProductName: vestissero
FileVersion: 6.10
ProductVersion: 6.10
InternalName: waistcoatless
OriginalFilename: waistcoatless.exe

Troj/VB-FZQ also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Vobfus.lx2G
DrWeb: Trojan.VbCrypt.60
MicroWorld-eScan: Gen:Variant.VBInject.11
FireEye: Generic.mg.4e16e30a7f8ec838
CAT-QuickHeal: Trojan.Beebone.D
McAfee: VBObfus.m
Malwarebytes: Pronny.Worm.Spreader.DDS
VIPRE: Gen:Variant.VBInject.11
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005640b91 )
Alibaba: Worm:Win32/Vobfus.03a9ce02
K7GW: Trojan ( 005640b91 )
Cybereason: malicious.a7f8ec
BitDefenderTheta: Gen:NN.ZevbaF.36250.km0@aithpxci
VirIT: Trojan.Win32.Generic.CBCH
Cyren: W32/Vobfus.BE.gen!Eldorado
Symantec: W32.Changeup!gen18
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Pronny.BH
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.eryn
BitDefender: Gen:Variant.VBInject.11
NANO-Antivirus: Trojan.Win32.WBNA.covksn
SUPERAntiSpyware: Trojan.Agent/Gen-Vban
Avast: Win32:VB-ADPC [Trj]
Tencent: Worm.Win32.Vobfus.kr
Emsisoft: Gen:Variant.VBInject.11 (B)
F-Secure: Trojan.TR/Dropper.Gen
Baidu: Win32.Worm.Pronny.d
TrendMicro: WORM_VOBFUS.SM01
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Trapmine: malicious.moderate.ml.score
Sophos: Troj/VB-FZQ
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.VBInject.11
Jiangmin: Worm/WBNA.dfhj
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=83)
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.Pronny.AK@4ogvoo
Arcabit: Trojan.VBInject.11
ViRobot: Trojan.Win32.A.Diple.167936.EH
ZoneAlarm: Worm.Win32.Vobfus.eryn
Microsoft: Worm:Win32/Vobfus.gen!R
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.WBNA.R29524
VBA32: BScope.Trojan-Dropper.Injector
ALYac: Gen:Variant.VBInject.11
TACHYON: Trojan/W32.VB-Diple.167936
Cylance: unsafe
Panda: W32/Vobfus.GEW.worm
TrendMicro-HouseCall: WORM_VOBFUS.SM01
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!EbErQKNuBDQ
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.6160652.susgen
Fortinet: W32/VBKrypt.CA!tr
AVG: Win32:VB-ADPC [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/VB-FZQ?

Troj/VB-FZQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
