TrojanDownloader:Win32/VB.QB removal

TrojanDownloader:Win32/VB.QB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/VB.QB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/VB.QB?


File Info:

name: 3EE7C5A346111CEC0D0C.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-10-05 15:07:51

Version Info:

Translation: 0x0409 0x04b0
CompanyName: idqsufyklqxhpxpodzry
ProductName: pbuawurrbahxbudkemkl
FileVersion: 1.00
ProductVersion: 1.00
InternalName: yyy2010100808
OriginalFilename: yyy2010100808.exe

TrojanDownloader:Win32/VB.QB also known as:

Lionic: Trojan.Win32.Vilsel.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader1.17125
MicroWorld-eScan: Gen:Heur.VB.Krypt.13
FireEye: Gen:Heur.VB.Krypt.13
Skyhigh: Downloader-CJD
McAfee: Downloader-CJD
Malwarebytes: Malware.AI.3218653764
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: TrojanDownloader:Win32/Vilsel.678fb285
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.346111
BitDefenderTheta: AI:Packer.B55CBBE321
VirIT: Trojan.Win32.Vilsel.AMDZ
Symantec: Trojan.Dropper
ESET-NOD32: a variant of Win32/TrojanDownloader.VB.OOG
APEX: Malicious
ClamAV: Win.Trojan.VB-1249
Kaspersky: Trojan.Win32.Vilsel.amct
BitDefender: Gen:Heur.VB.Krypt.13
NANO-Antivirus: Trojan.Win32.Vilsel.bqfkz
Avast: Win32:VB-PXI [Wrm]
Tencent: Win32.Trojan.Vilsel.Xfow
TACHYON: Trojan/W32.VB-Vilsel.98304.DG
Emsisoft: Gen:Heur.VB.Krypt.13 (B)
F-Secure: Trojan.TR/Rimod.A.521
Baidu: Win32.Trojan.VB.o
VIPRE: Gen:Heur.VB.Krypt.13
TrendMicro: TROJ_VILSEL.SMD
Sophos: Troj/Vilsel-G
Ikarus: Trojan-Downloader.Win32.VB
Google: Detected
Avira: TR/Rimod.A.521
Varist: W32/VB.BJ.gen!Eldorado
Antiy-AVL: Trojan[Downloader]/Win32.VB
Kingsoft: Win32.HeurC.KVM006.a
Microsoft: TrojanDownloader:Win32/VB.QB
Xcitium: TrojWare.Win32.Rimod.A@2ob383
Arcabit: Trojan.VB.Krypt.13
ZoneAlarm: Trojan.Win32.Vilsel.amct
GData: Gen:Heur.VB.Krypt.13
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Vilsel.R20
VBA32: Trojan.VBRA.01533
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_VILSEL.SMD
Rising: Downloader.VBEx!1.99EF (CLASSIC)
Yandex: Trojan.GenAsa!lFvIfGiWxus
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.1528655.susgen
Fortinet: W32/Vilsel.AEX!tr
AVG: Win32:VB-PXI [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)
alibabacloud: Trojan[downloader]:Win/Vilsel.amct

How to remove TrojanDownloader:Win32/VB.QB?

TrojanDownloader:Win32/VB.QB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
