
VirTool:Win32/Obfuscator.ACF removal instruction


VirTool:Win32/Obfuscator.ACF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the VirTool:Win32/Obfuscator.ACF virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking local time
  • A process attempted to delay the analysis task
  • Dynamic (imported) function loading detected
  • At least one IP address, domain or file name was found in a crypto call
  • Performs HTTP requests potentially not found in the PCAP
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Behavioural detection: injection (inter-process)
  • Behavioural detection: injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Behaviour consistent with a dropper attempting to download the next stage
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify VirTool:Win32/Obfuscator.ACF?

File Info:

name: A36BB85682B932453A2D.mlw
path: /opt/CAPEv2/storage/binaries/b421e397d2da6f64176d40c1a64075527f200c6293be6c6e0205e0b05292c006
crc32: 630603FC
md5: a36bb85682b932453a2dc53791512fd6
sha1: 56e2c0d3403d05fa7536fd7a1c41fc2bfbec8633
sha256: b421e397d2da6f64176d40c1a64075527f200c6293be6c6e0205e0b05292c006
sha512: 020683562a3a4e9079ed1a77e092ae1c7a9eaada9173349ff90b55d87c1e6341dd5444ebb6b6989a63958926cc8e46a9a07c3ed34bb218f21ba0727a2bacb8d9
ssdeep: 3072:v7Z8Y04LPc4sWQVMYmD9U7281nW1xOuTq:vKxTVcDqK8Qeu+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F4A3C003BAC1206DD4B884761EF67A4354EFEA8D5231127F1E8616D86FE27039FF2586
sha3_384: 3eb21db1c01c1f02fc7271f7235d1ad22a16fee30095f7ad99e304046027cc20eb510ebe2ef7fd1d201c8b98d4664922
ep_bytes: 558bec83ec2c5357566a006880000000
timestamp: 1995-05-28 18:17:04

Version Info:

FileDescription: Vba32Activation
LegalCopyright: VirusBlokAda Ltd. All rights reserved.
InternalName: Vba32Activation.exe
ProductName: Vba32Activation
CompanyName: WestByte
FileVersion: 5.9.5.3
ProductVersion: 8.1.2.9
Translation: 0x0409 0x0000

VirTool:Win32/Obfuscator.ACF also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Necurs.2
MicroWorld-eScan: Gen:Variant.Kazy.181
FireEye: Generic.mg.a36bb85682b93245
ALYac: Gen:Variant.Kazy.181
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.682b93
BitDefenderTheta: Gen:NN.ZexaF.34712.gG1@aCvZwdli
Symantec: ML.Attribute.HighConfidence
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Kazy.181
NANO-Antivirus: Trojan.Win32.Cridex.uxmye
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@AI.83 (RDML:nhSBhrAyg03ineBzFfxlBg)
Ad-Aware: Gen:Variant.Kazy.181
Emsisoft: Gen:Variant.Kazy.181 (B)
Zillya: Worm.Cridex.Win32.284
McAfee-GW-Edition: BehavesLike.Win32.PUPXMZ.cc
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A
Jiangmin: Trojan.Generic.fejlg
Avira: TR/Crypt.ZPACK.Gen4
MAX: malware (ai score=89)
Microsoft: VirTool:Win32/Obfuscator.ACF
GData: Gen:Variant.Kazy.181
McAfee: PWS-Zbot.gen.avr
VBA32: Worm.Cridex
APEX: Malicious
Yandex: Worm.Cridex!siDT4LOORgM
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Shiz.NCF!tr
AVG: Win32:Trojan-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove VirTool:Win32/Obfuscator.ACF?

VirTool:Win32/Obfuscator.ACF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
