Trojan.Win32.VBKrypt.yxfq removal guide

Trojan.Win32.VBKrypt.yxfq is flagged as malicious by most of the antivirus engines listed below, and several of them classify it as a Fareit/Pony or LokiBot-type password stealer. When this infection is active, you may notice unfamiliar processes in Task Manager, although the sample also spoofs its process name to look legitimate, so a clean-looking process list does not prove the machine is clean. In either case, it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Trojan.Win32.VBKrypt.yxfq do?

Behaviour flags reported for this sample:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Injection with CreateRemoteThread into a remote process
  • Creates RWX memory
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Calls a single API repeatedly in order to delay analysis
  • Steals private data from locally installed web browsers
  • Spoofs its process name and/or associated path to appear as a legitimate process
  • Creates a hidden or system file
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information about installed instant messenger clients
  • Harvests information about installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Taken together (injection into another process, a self-copy, deletion of the original binary, process name spoofing), these flags mean the code that keeps running is usually not the file that was first executed. Look for the dropped copy, which may carry hidden or system attributes, and for injected code inside otherwise legitimate processes, rather than only for the original download.

Related domains:

z.whorecord.xyz
a.tomx.xyz
omann.ir

How to identify Trojan.Win32.VBKrypt.yxfq?

File Info:

crc32: E318FF26
md5: e6205b2f4c600b8c995b2e9e7af3b999
name: E6205B2F4C600B8C995B2E9E7AF3B999.mlw
sha1: 894aa3fd27870eb3685e543b93bb9dde65297576
sha256: 2ca64ce00f98f0dce668cd8ab265f7339372df455715a4eb7ac26f7144a317c2
sha512: f2e6d5880b17c2c1d414cf7a328890904d2700796a2a1581f9d4b46bf7fd05ae04983bd2ef10f381c74bed22a7cbfc563321db7429b7400d17ac99a7fcc96041
ssdeep: 6144:cYwYKEcD3uYBx8HLN/7mTdvhTVgWZeVrJB:cNYJcDrjsB
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (note the meaningless CompanyName, ProductName and FileDescription strings; legitimate software rarely ships resources like these):

Translation: 0x0409 0x04b0
LegalCopyright: KASSpass
InternalName: Bohairic7
FileVersion: 5.03
CompanyName: aVure CaE
LegalTrademarks: IMSISOFT aCvA
ProductName: HARASoft
ProductVersion: 5.03
FileDescription: FaTONsoFT aIB.
OriginalFilename: Bohairic7.exe
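To put the indicators above to work, here is an added example; it is not part of the original page and not GridinSoft's software. It hashes every file under a directory against the md5/sha1/sha256 values from File Info and scans DNS-style log lines for the related domains, treating a subdomain of an IOC domain as a match but not a lookalike name that merely contains it. The log lines, the scanned files, the log field labels matched by HOST_RE and the demo() helper are constructed assumptions; the ssdeep value is not used because fuzzy-hash comparison needs the ssdeep library.

```python
"""Sweep for the Trojan.Win32.VBKrypt.yxfq indicators listed on this page.

Added example, not GridinSoft's tool. Hashes files under a directory and
compares them with the published digests, and scans log lines for the related
domains (exact host or any subdomain). demo() runs on constructed data.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators copied from the File Info and Related domains sections above.
SAMPLE_HASHES = {
    "md5": "e6205b2f4c600b8c995b2e9e7af3b999",
    "sha1": "894aa3fd27870eb3685e543b93bb9dde65297576",
    "sha256": "2ca64ce00f98f0dce668cd8ab265f7339372df455715a4eb7ac26f7144a317c2",
}
RELATED_DOMAINS = frozenset({"z.whorecord.xyz", "a.tomx.xyz", "omann.ir"})


def file_digests(path):
    """md5/sha1/sha256 hex digests of one file, streamed in 1 MiB chunks."""
    hashes = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def sweep_directory(root, ioc_hashes=SAMPLE_HASHES):
    """Return [(path, [matching algorithms])] for files whose digest equals an IOC.

    os.walk lists hidden and system files too, which matters because the
    sample sets those attributes on its dropped copy. Unreadable files are skipped.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digests = file_digests(path)
            except OSError:
                continue
            matched = [alg for alg, val in digests.items() if val == ioc_hashes.get(alg)]
            if matched:
                hits.append((str(path), matched))
    return hits


def normalize_host(host):
    """Lower-case and strip the trailing dot that DNS logs often keep."""
    return host.strip().rstrip(".").lower()


def domain_matches(host, iocs=RELATED_DOMAINS):
    """True if host is an IOC domain or a subdomain of one.

    The '.' in the suffix test keeps 'omann.ir.evil-lookalike.com' and
    'notomann.ir' from matching; a plain substring check would flag both.
    """
    h = normalize_host(host)
    return any(h == d or h.endswith("." + d) for d in iocs)


# Extracts the queried name from a log line. The field labels are assumptions
# chosen to cover a few common export formats, not a specific product's schema.
HOST_RE = re.compile(r"(?:QueryName:|query:|host=)\s*([A-Za-z0-9.-]+)", re.IGNORECASE)


def scan_log_lines(lines, iocs=RELATED_DOMAINS):
    """Return [(normalized host, original line)] for lines that query an IOC domain."""
    hits = []
    for line in lines:
        m = HOST_RE.search(line)
        if m and domain_matches(m.group(1), iocs):
            hits.append((normalize_host(m.group(1)), line.strip()))
    return hits


def demo():
    """Run both checks on constructed data and return the results."""
    log_lines = [  # constructed, not taken from a real host
        "2021-06-01 10:02:11 DNS query: cdn.example.com",
        "2021-06-01 10:02:14 DNS query: Z.WhoRecord.xyz.",             # case + trailing dot
        "2021-06-01 10:02:20 DNS query: omann.ir.evil-lookalike.com",  # must not match
        "2021-06-01 10:03:01 DNS query: login.omann.ir",               # subdomain of an IOC
    ]
    content = b"constructed benign content"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "report.pdf").write_bytes(content)
        against_page = sweep_directory(tmp)                # nothing matches the real IOCs
        planted = {"sha256": hashlib.sha256(content).hexdigest()}
        against_planted = sweep_directory(tmp, planted)    # the file's own hash matches
    return {
        "log_hits": [host for host, _line in scan_log_lines(log_lines)],
        "file_hits_against_page_iocs": against_page,
        "file_hits_against_planted_hash": [algs for _path, algs in against_planted],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against the root of each fixed volume, not a filtered view of visible files, and feed it exported DNS or proxy logs; a hash hit identifies this exact build only, so a recompiled or repacked variant will pass the file check while still resolving the same domains.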

Trojan.Win32.VBKrypt.yxfq is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005245101 )
Lionic: Trojan.Win32.VBKrypt.4!c
Elastic: malicious (high confidence)
ALYac: Spyware.LokiBot
Malwarebytes: Spyware.PasswordStealer
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/VBKrypt.e46a1595
K7GW: Trojan ( 005245101 )
Cybereason: malicious.f4c600
Cyren: W32/Fareit.DJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DVDO
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.VBKrypt.yxfq
BitDefender: Gen:Heur.PonyStealer.Fm0@cuA3hAbi
NANO-Antivirus: Trojan.Win32.VBKrypt.exkidm
MicroWorld-eScan: Gen:Heur.PonyStealer.Fm0@cuA3hAbi
Tencent: Win32.Trojan.Vbkrypt.Aihk
Ad-Aware: Gen:Heur.PonyStealer.Fm0@cuA3hAbi
Sophos: Mal/Generic-S
Comodo: Malware@#1xy146tb3nbo7
BitDefenderTheta: Gen:NN.ZevbaF.34170.Fm0@auA3hAbi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPLOKI.SMVB
McAfee-GW-Edition: BehavesLike.Win32.Fareit.hz
FireEye: Generic.mg.e6205b2f4c600b8c
Emsisoft: Gen:Heur.PonyStealer.Fm0@cuA3hAbi (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.VBKrypt.cicu
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1109917
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.240E996
Microsoft: Trojan:Win32/Fareit!ml
ZoneAlarm: Trojan.Win32.VBKrypt.yxfq
GData: Gen:Heur.PonyStealer.Fm0@cuA3hAbi
AhnLab-V3: Win-Trojan/VBKrypt.RP02.X1828
McAfee: Packed-WM!E6205B2F4C60
MAX: malware (ai score=95)
VBA32: BScope.Trojan.Wacatac
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_HPLOKI.SMVB
Yandex: Trojan.VBKrypt!sJ+3OkH093M
Ikarus: Trojan.Win32.Injector
Fortinet: W32/VBKryptik.DYUN!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan.Win32.VBKrypt.yxfq?

Trojan.Win32.VBKrypt.yxfq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.
  • Because this trojan harvests browser, FTP, mail and instant-messenger credentials, change those passwords afterwards from a device you know is clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
