Trojan:Win32/VB.AHR removal

The Trojan:Win32/VB.AHR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/VB.AHR virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
Performs some HTTP requests
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

7k5butq58.co.cc

ocsp.comodoca.com

crl.usertrust.com

ocsp.usertrust.com

ocsp.sectigo.com

How to determine Trojan:Win32/VB.AHR?


File Info:
crc32: D1435A58
md5: 5d6ec9dd08fcda47fa67b43f4694e518
name: 5D6EC9DD08FCDA47FA67B43F4694E518.mlw
sha1: f27b72cd9556cc59617a425f2bc12d8f0e4e1a26
sha256: dcd9c0612d9b36d21ed48b04e55e4a542211811d1412a9588e46c642ac20349e
sha512: 7381482c78cac60dc29c24b8f41067456a1f327ae91c4169e95db3faee9cfef18cd5fbcc271a07d9982eba3e78513365889995eb89bc7dc37ed85a41809d3ce0
ssdeep: 384:/TihHK1GvhRDKe6vB0iKZ5qNjKRGsFp/R3JLouuGp6RazaUj+KY9qIQq9H9mmPAp:/WVKIhR2eRi88STR35zzaU7byh3ryI9s
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
ProductVersion: 1.00
InternalName: rqtabxmhmvwqn
FileVersion: 1.00
OriginalFilename: rqtabxmhmvwqn.exe
ProductName: eyqgrjsupgm

Trojan:Win32/VB.AHR also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Johnnie.85242
FireEye	Generic.mg.5d6ec9dd08fcda47
ALYac	Gen:Variant.Johnnie.85242
Cylance	Unsafe
VIPRE	LooksLike.Win32.Malware!vb (v)
Sangfor	Malware
BitDefender	Gen:Variant.Johnnie.85242
Cybereason	malicious.d08fcd
BitDefenderTheta	Gen:NN.ZevbaF.34804.cm1@a8vCTMni
Cyren	W32/VB.EA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TotalDefense	Win32/VBDownloader.B!generic
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Ragterneb.afx
NANO-Antivirus	Trojan.Win32.VB.iktli
ViRobot	Trojan.Win32.A.Ragterneb.32768.E
Tencent	Win32.Trojan.Ragterneb.Sxys
Ad-Aware	Gen:Variant.Johnnie.85242
Sophos	Mal/Generic-R + Mal/VBCheMan-F
Comodo	TrojWare.Win32.TrojanDownloader.VB.PLV@4oyf3x
F-Secure	Trojan.TR/VB.Agent.ahrna
DrWeb	Trojan.Siggen3.44520
Zillya	Downloader.VB.Win32.79374
McAfee-GW-Edition	BehavesLike.Win32.Trojan.nt
Emsisoft	Gen:Variant.Johnnie.85242 (B)
SentinelOne	Static AI – Malicious PE – Downloader
Webroot	W32.Malware.Gen
Avira	TR/VB.Agent.ahrna
Antiy-AVL	Trojan/Win32.Ragterneb
Kingsoft	Win32.Troj.Ragterneb.a.(kcloud)
Microsoft	Trojan:Win32/VB.AHR
Arcabit	Trojan.Johnnie.D14CFA
SUPERAntiSpyware	Trojan.Agent/Gen-Faker[internal]
ZoneAlarm	Trojan.Win32.Ragterneb.afx
GData	Gen:Variant.Johnnie.85242
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.ADH.C133891
McAfee	Artemis!5D6EC9DD08FC
MAX	malware (ai score=87)
VBA32	Trojan.Ragterneb
Malwarebytes	Malware.AI.3825920126
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/TrojanDownloader.VB.PLV
TrendMicro-HouseCall	TROJ_VBDLOADER_0000004.TOMA
Rising	Downloader.VB!8.1EB (TFE:5:4qkAu86fPWK)
Yandex	Trojan.GenAsa!qZOJyxh5CiI
Ikarus	Trojan.VB
eGambit	Unsafe.AI_Score_92%
Fortinet	W32/VBCheMan.A
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Trojan.Downloader.93c

How to remove Trojan:Win32/VB.AHR?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/VB.AHR removal