Trojan:Win32/VB.AHC removal

Trojan:Win32/VB.AHC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/VB.AHC virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Attempts to disable browser security warnings
  • Created a service that was not started
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

ck4.nucleardiscover.com

How to identify Trojan:Win32/VB.AHC?

File Info:

crc32: 94748C86
md5: e37ba24ad8abc4c734f7d0111116a9b9
name: E37BA24AD8ABC4C734F7D0111116A9B9.mlw
sha1: 59fe9d54c5d5263002db7fbeaae110f74461d11c
sha256: b35165da83fc86fd1e12d20edc5101b1b6a98c4bdf13604eb545442ae72df079
sha512: 4225ecb07acadbc15e98129f9806c7e5cc237050446ab141d1eab1a7ed69d52e4f990c4b888ccdfc175a19207efbce12b72de28de9cf82f77dd43c1cb37be0cc
ssdeep: 1536:p1G0WPOInJjfo+gzuB5SEeMRS71Yirp8jQ7QM:O9JjohzoAEeV72iyYd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: zNUlqrDL0r3ZK4xOWo81UZ5g8y2cHuNO
FileVersion: 1.00.0001
CompanyName:
ProductName: nXzUVGPkzDlzkYLiTedp
ProductVersion: 1.00.0001
OriginalFilename: zNUlqrDL0r3ZK4xOWo81UZ5g8y2cHuNO.exe

Trojan:Win32/VB.AHC also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: NetWorm ( 700000151 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop2.64250
Cynet: Malicious (score: 100)
ALYac: Gen:Trojan.Heur.VP.du0baqJJs3ci
Malwarebytes: Virut.Virus.FileInfector.DDS
Zillya: Worm.VBNA.Win32.89845
Sangfor: Trojan.Win32.Dropper.Gen
CrowdStrike: win/malicious_confidence_70% (D)
Alibaba: Ransom:Win32/Blocker.d3d3693a
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.ad8abc
Cyren: W32/VB.FI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.FTT
APEX: Malicious
Avast: Win32:Virut-AOZ
ClamAV: Win.Worm.Vobfus-9849350-0
Kaspersky: Trojan-Ransom.Win32.Blocker.ivfi
BitDefender: Gen:Trojan.Heur.VP.du0baqJJs3ci
NANO-Antivirus: Trojan.Win32.Banbra.tffkb
ViRobot: Trojan.Win32.A.Banbra.48128.C[ASPack]
SUPERAntiSpyware: Trojan.Agent/Gen-Falint[Cont]
MicroWorld-eScan: Gen:Trojan.Heur.VP.du0baqJJs3ci
Tencent: Win32.Worm.Vbna.Ajbn
Ad-Aware: Gen:Trojan.Heur.VP.du0baqJJs3ci
Sophos: ML/PE-A + Mal/VBCheMan-C
Comodo: Malware@#9v2733dccmjs
BitDefenderTheta: AI:Packer.DF4460DE1F
VIPRE: LooksLike.Win32.Malware!vb (v)
McAfee-GW-Edition: BehavesLike.Win32.Trojan.kc
FireEye: Generic.mg.e37ba24ad8abc4c7
Emsisoft: Gen:Trojan.Heur.VP.du0baqJJs3ci (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Worm/VBNA.hbjz
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.89952
Microsoft: Trojan:Win32/VB.AHC
AegisLab: Trojan.Win32.Banbra.7!c
ZoneAlarm: Worm.Win32.VBNA.b
GData: Gen:Trojan.Heur.VP.du0baqJJs3ci
AhnLab-V3: Worm/Win32.WBNA.C66328
McAfee: Artemis!E37BA24AD8AB
MAX: malware (ai score=100)
VBA32: Worm.VBNA
Panda: Bck/Qbot.AO
Yandex: Trojan.Blocker!9UBRCeS6wEc
Ikarus: Worm.Win32.VBNA
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Vb!tr
AVG: Win32:Virut-AOZ
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Blocker.Hw0AEpsA

How to remove Trojan:Win32/VB.AHC?

Trojan:Win32/VB.AHC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.