What is “VB.Heur.EmoDldr.28.B4B6A0F9.Gen”?

VB.Heur.EmoDldr.28.B4B6A0F9.Gen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the VB.Heur.EmoDldr.28.B4B6A0F9.Gen virus do?

  • The office file contains 2 macros
  • The office file contains a macro with auto execution
  • The office file contains anomalous features
  • The office file contains a macro with suspicious strings

Related domains:

z.whorecord.xyz

How to determine VB.Heur.EmoDldr.28.B4B6A0F9.Gen?


File Info:

crc32: DB41A481
md5: 0ef853e274b2f8b1f70ba1a70f0e600d
name: upload_file
sha1: c84e22a4c2f8c6b57ad4f10061853ff7f3b95903
sha256: 766ede719fc769660d330db275e9e7b2d71972bc03988bf5c414e8c82dacf68c
sha512: 773505654ed87ff3352ec68244f42ff083b3083f6f5ab67020675558864275fdc595b93a9cdcec24de11b962b3c671e46aab2820a825d0e21c596e507e44ea61
ssdeep: 3072:ij6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkefkKvvvUP2wzYW:iHgtEWPsL/aTyT9GkukKv302wzYW
type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Architecto., Author: Sarah Rodriguez, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Aug 20 08:53:00 2020, Last Saved Time/Date: Thu Aug 20 08:53:00 2020, Number of Pages: 1, Number of Words: 4, Number of Characters: 23, Security: 0

Version Info:

0: [No Data]

VB.Heur.EmoDldr.28.B4B6A0F9.Gen also known as:

Elastic: malicious (high confidence)
ClamAV: Doc.Downloader.Emotet-9416473-0
FireEye: VB.Heur.EmoDldr.28.B4B6A0F9.Gen
CAT-QuickHeal: OLE.Emotet.38799
ALYac: Trojan.Downloader.DOC.Gen
AegisLab: Trojan.MSOffice.SAgent.4!c
K7AntiVirus: Trojan ( 0056c3f41 )
K7GW: Trojan ( 0056c3f41 )
Invincea: Mal/DocDl-K
Cyren: W97M/Downldr.IE.gen!Eldorado
Symantec: W97M.Downloader
TrendMicro-HouseCall: Trojan.W97M.POWLOAD.TIOIBEMN
Avast: SNH:Script [Dropper]
Cynet: Malicious (score: 85)
Kaspersky: HEUR:Trojan.MSOffice.SAgent.gen
BitDefender: VB.Heur.EmoDldr.28.B4B6A0F9.Gen
NANO-Antivirus: Trojan.Script.Downloader.htfcpy
ViRobot: DOC.Z.Agent.243986.A
MicroWorld-eScan: VB.Heur.EmoDldr.28.B4B6A0F9.Gen
Rising: Malware.ObfusVBA@ML.97 (VBA)
Ad-Aware: VB.Heur.EmoDldr.28.B4B6A0F9.Gen
Comodo: .UnclassifiedMalware@0
F-Secure: Malware.VBA/Dldr.Agent.vezzt
DrWeb: Exploit.Siggen2.25156
TrendMicro: Trojan.W97M.POWLOAD.TIOIBEMN
Sophos: Mal/DocDl-K
Avira: VBA/Dldr.Agent.vezzt
MAX: malware (ai score=99)
Antiy-AVL: Trojan[Downloader]/MSOffice.Agent.ucs
Microsoft: TrojanDownloader:O97M/Emotet!rfn
Arcabit: VB.Heur.EmoDldr.28.B4B6A0F9.Gen
ZoneAlarm: HEUR:Trojan.MSOffice.SAgent.gen
GData: Macro.Trojan-Downloader.Agent.AUK
AhnLab-V3: Downloader/DOC.Emotet.S1285
McAfee: W97M/Downloader.ddv
Zoner: Probably Heur.W97Obfuscated
ESET-NOD32: VBA/TrojanDownloader.Agent.UCS
Tencent: Heur.Macro.Generic.h.bb9d4984
Yandex: Trojan.MacroDown.Gen.TN
Ikarus: Trojan-Downloader.VBA.Emotet
Fortinet: VBA/Agent.K!tr.dldr
AVG: SNH:Script [Dropper]
Qihoo-360: Generic/Trojan.3b4

How to remove VB.Heur.EmoDldr.28.B4B6A0F9.Gen?

VB.Heur.EmoDldr.28.B4B6A0F9.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
