Should I remove “VBInject.4”?

VBInject.4 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VBInject.4 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Divehi
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify VBInject.4?

File Info:

name: D5AA2DBEC14A5CA3E5C1.mlw
path: /opt/CAPEv2/storage/binaries/79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
crc32: C9BB9283
md5: d5aa2dbec14a5ca3e5c19cea1a94d0ff
sha1: f513480226b993cbcd01f04107361b2576d95282
sha256: 79e32ed5b8a2d0bd3511f10172b12c204ef5feecaf1b753d1c438c462b58a8fc
sha512: 6e6f476d155ab9c3a8d3ea9c15d6fb319338ea46949600906620d87951f1f04d2ec7934ac5b8efc80461c1b0d611fac6368482cf4b07b6b96ff58935da0a236d
ssdeep: 1536:rW0uLeM8v/q291NR7HVAQCUwljFf+NW49:rWhLA1NRjVAjtls
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135832B1EE69F0C2AD60487F459631AE80F3EA843654F072B6B189528BD58E3BDDD3473
sha3_384: 76b5bb5d66d2d20c8417861612f45368bd6952efa537327e944448e1deb2992ae7578d512ec9f1df4e01d6f82b8b8ac2
ep_bytes: 6898114000e8eeffffff000000000000
timestamp: 2010-10-21 21:15:42

Version Info:

Translation: 0x0409 0x04b0
CompanyName: QhTXxY
ProductName: LihJqI
FileVersion: 4.04
ProductVersion: 4.04
InternalName: LihJqI
OriginalFilename: LihJqI.exe

VBInject.4 also known as:

Bkav: W32.Common.798A0E1A
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBInject.4
ClamAV: Win.Trojan.Swizzor-33208
FireEye: Generic.mg.d5aa2dbec14a5ca3
CAT-QuickHeal: Trojan.Jorik.gp3
ALYac: Gen:Variant.VBInject.4
Cylance: Unsafe
VIPRE: Gen:Variant.VBInject.4
Alibaba: Trojan:Win32/VBKrypt.da26af44
Cybereason: malicious.ec14a5
VirIT: Trojan.Win32.Generic.BLXQ
Cyren: W32/Swizzor-based!Maximus
Symantec: W32.Pilleuz
ESET-NOD32: IRC/SdBot
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.vobh
BitDefender: Gen:Variant.VBInject.4
NANO-Antivirus: Trojan.Win32.Jorik.bfbrmv
Tencent: Win32.Trojan.Vbkrypt.Rqil
Ad-Aware: Gen:Variant.VBInject.4
Comodo: Suspicious@#2eyef0ktqck1g
DrWeb: Trojan.Spambot.9106
Zillya: Trojan.Jorik.Win32.1979
TrendMicro: TROJ_JORIK.AR
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.VBInject.4 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Malware.Gen
Avira: TR/SpamBot.Q
Antiy-AVL: Trojan/Generic.ASMalwS.4EA
Kingsoft: Win32.Troj.IRC.sd.(kcloud)
Arcabit: Trojan.VBInject.4
GData: Gen:Variant.VBInject.4
Google: Detected
AhnLab-V3: Dropper/Win32.VB.R2461
BitDefenderTheta: Gen:NN.ZevbaF.34682.fm0@aWz0rTgO
MAX: malware (ai score=100)
VBA32: SScope.Trojan.VB.01040
Malwarebytes: Cambot.Worm.Keylogger.DDS
TrendMicro-HouseCall: TROJ_JORIK.AR
Rising: Spyware.Zbot!8.16B (TFE:5:Rq8I0ky9rkC)
Yandex: Trojan.GenAsa!kdFOjsvxKZw
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.VOX!tr
Panda: W32/P2PWorm.HO.worm
CrowdStrike: win/malicious_confidence_100% (W)

How to remove VBInject.4?

VBInject.4 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
