How to remove “Trojan:Win32/VB.ZZ”?

Trojan:Win32/VB.ZZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/VB.ZZ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify Trojan:Win32/VB.ZZ?


File Info:

name: 44C1D6802626E6166C74.mlw
path: /opt/CAPEv2/storage/binaries/ee187f9e8dd100b15a2d8de797a85b83cf0071978d3b7b421a7b236edc326f91
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-06-20 17:51:20

Version Info:

Translation: 0x0409 0x04b0
ProductName: uyiy
FileVersion: 2.56.0046
ProductVersion: 2.56.0046
InternalName: 12
OriginalFilename: 12.exe

Trojan:Win32/VB.ZZ also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
ClamAV: Win.Worm.Vobfus-9868171-0
FireEye: Generic.mg.44c1d6802626e616
McAfee: Downloader-BQX
Cylance: Unsafe
VIPRE: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 000c4c621 )
K7GW: Trojan ( 000c4c621 )
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Generic.AYGS
Cyren: W32/VBTrojan.9!Maximus
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.AGB
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.VBNA.c
BitDefender: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
NANO-Antivirus: Trojan.Win32.CPEXbased.cplhu
ViRobot: Trojan.Win32.A.Zbot.518175
Avast: Win32:Inject-ATA [Trj]
Tencent: Malware.Win32.Gencirc.10bf8db7
Ad-Aware: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
Emsisoft: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ (B)
Comodo: TrojWare.Win32.TrojanDownloader.Agent.BQX0@xonam
DrWeb: Trojan.Siggen3.14859
Zillya: Backdoor.PePatch.Win32.6049
TrendMicro: Mal_Repyh
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.gc
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/VBDrop-G
SentinelOne: Static AI – Suspicious PE
GData: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
Avira: TR/Dropper.Gen
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.FC
Arcabit: Trojan.ProcessHijack.EC73D5
Microsoft: Trojan:Win32/VB.ZZ
Google: Detected
AhnLab-V3: Worm/Win32.VBNA.R9049
Acronis: suspicious
BitDefenderTheta: AI:Packer.7C92BF641D
ALYac: Gen:Trojan.ProcessHijack.Bm3@aOEk@UoQ
VBA32: Trojan.VBRA.017719
Malwarebytes: Malware.AI.3120830152
TrendMicro-HouseCall: Mal_Repyh
Rising: Trojan.VBInject!1.6541 (CLASSIC)
Yandex: Trojan.GenAsa!sJu4VoRGR/c
Ikarus: Trojan-Downloader.Win32.Kaizer
Fortinet: W32/VBObfus.C!tr
AVG: Win32:Inject-ATA [Trj]
Cybereason: malicious.02626e
Panda: Generic Malware

How to remove Trojan:Win32/VB.ZZ?

Trojan:Win32/VB.ZZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
