TrojanDropper:Win32/Vundo.J removal instruction

The TrojanDropper:Win32/Vundo.J is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDropper:Win32/Vundo.J virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine TrojanDropper:Win32/Vundo.J?


File Info:
name: BA83D1491499D19DDE6E.mlw
path: /opt/CAPEv2/storage/binaries/aa69f002147a5afbfe7cb729fab1381338fbb3fa20fd66f3d5323247f0ff3c27
crc32: F9C669B2
md5: ba83d1491499d19dde6e0dca841ee60f
sha1: cd8e0e01a7b3a949b6978798a7cd0853b872d1d4
sha256: aa69f002147a5afbfe7cb729fab1381338fbb3fa20fd66f3d5323247f0ff3c27
sha512: 590bdda71a8f63b4099fb52494e25d2513ed85936908558dcf714b4aaf456d5a203024e184327d35371d6d5fa9121cfe5f22869f47872f35a1fa8481c6cdcc7d
ssdeep: 1536:bAqcFccxtOI0m9KSyq4TPSoQYtBgUlTVG9245vWYC3b3QEkKMMiU1aoauY:OFJObKu7tBplT4vWTbgRKMMiU1m9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFB3CE52F28029E6E1F382B1458F4515E275BCB011F3431FB79D37567EB02729EA2AA3
sha3_384: d446a6223f3c3f51497f491765b4e5d46c8a8eb9bb0c09d51b3025bdc38cacf51418e623b75d0a349aedc4f3b045bfe7
ep_bytes: 558bec6851580000528d97bc74799352
timestamp: 1970-01-01 00:00:00

Version Info:
CompanyName: foobar2000.org
FileDescription: foobar2000
FileVersion: 0.9.2
LegalCopyright: © Peter Pawlowski. All rights reserved.
OriginalFilename: foobar2000_0.9.2.exe
ProductName: foobar2000
Translation: 0x0409 0x0000

TrojanDropper:Win32/Vundo.J also known as:

Bkav	W32.AIDetectMalware
Lionic	Hacktool.Win32.Krap.3!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.IPZ.6
FireEye	Generic.mg.ba83d1491499d19d
McAfee	Generic Obfuscated.g
Malwarebytes	Malware.AI.3020358574
VIPRE	Gen:Heur.IPZ.6
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Hacktool ( 005286a71 )
Alibaba	TrojanDropper:Win32/Vundo.480283b6
K7GW	Hacktool ( 005286a71 )
Cybereason	malicious.91499d
Cyren	W32/Virtumonde.BY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.LYS
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Packed.Win32.Krap.io
BitDefender	Gen:Heur.IPZ.6
Avast	Win32:MalOb-DQ [Cryp]
Emsisoft	Gen:Heur.IPZ.6 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
Zillya	Downloader.Mabu.Win32.35
TrendMicro	TROJ_VUNDO.SMEO1
McAfee-GW-Edition	BehavesLike.Win32.Dropper.ch
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.IPZ.6
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=98)
Antiy-AVL	Trojan[Packed]/Win32.Krap
Xcitium	TrojWare.Win32.Monder.wt@4fly69
Arcabit	Trojan.IPZ.6
ZoneAlarm	Packed.Win32.Krap.io
Microsoft	TrojanDropper:Win32/Vundo.J
Google	Detected
AhnLab-V3	Trojan/Win32.Vundo.R5628
Acronis	suspicious
ALYac	Gen:Heur.IPZ.6
VBA32	BScope.TrojanDropper.Vundo
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_VUNDO.SMEO1
Rising	Dropper.Vundo!8.6BA (TFE:5:4P7uS8X0bIF)
Ikarus	Gen.Variant.Vundo
Fortinet	W32/Kryptik.IHN!tr
AVG	Win32:MalOb-DQ [Cryp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove TrojanDropper:Win32/Vundo.J?

TrojanDropper:Win32/Vundo.J removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X