VirTool:Win32/Obfuscator.ACG removal

VirTool:Win32/Obfuscator.ACG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/Obfuscator.ACG virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify VirTool:Win32/Obfuscator.ACG?


File Info:

crc32: 7EB5694C
md5: f84178426ab688ea35ec4d96d18537f9
name: F84178426AB688EA35EC4D96D18537F9.mlw
sha1: 843f429035cf7196669e79303de716d94e550794
sha256: d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86
sha512: 80031b9f3b0a125bf088229b08deb23b6b0f929e8317cf72c40e0b30a4202a1f8f90a3d2e64aec43de174bd9c960d28d59c5df40b90dbc22a37f2836291c7499
ssdeep: 1536:+Y+0+Vm+1tNokDhqiF6que7ODDfQo5pIaOgfL1W+htoeCBd3hYp7vsT9H8NI3d:5+91HF6OOfPIaOg1oho7ERcmt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: explorer
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
FileDescription: Windows Explorer
OriginalFilename: EXPLORER.EXE
Translation: 0x0409 0x04b0

VirTool:Win32/Obfuscator.ACG also known as:

K7AntiVirus EmailWorm ( 003247681 )
Lionic Trojan.Win32.Generic.lz48
Elastic malicious (high confidence)
DrWeb BackDoor.IRC.NgrBot.42
MicroWorld-eScan Gen:Variant.Razy.630038
CAT-QuickHeal Worm.Gamarue.B
ALYac Gen:Variant.Razy.630038
Cylance Unsafe
Zillya Trojan.PornoAsset.Win32.6597
CrowdStrike win/malicious_confidence_100% (W)
Alibaba VirTool:Win32/Obfuscator.78aebf3f
K7GW EmailWorm ( 003247681 )
Cybereason malicious.26ab68
Cyren W32/Falab.F.gen!Eldorado
Symantec W32.IRCBot.NG
ESET-NOD32 Win32/Dorkbot.B
APEX Malicious
Avast Win32:Crypt-NZR [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Razy.630038
NANO-Antivirus Trojan.Win32.NgrBot.crgzxx
ViRobot Trojan.Win32.A.PornoAsset.97280.R
Tencent Malware.Win32.Gencirc.114d6399
Ad-Aware Gen:Variant.Razy.630038
Sophos ML/PE-A + Mal/ZboCheMan-D
Comodo TrojWare.Win32.Kryptik.NEGB@4ri728
BitDefenderTheta Gen:NN.ZexaF.34266.fSW@a8Kl8Hmi
VIPRE LooksLike.Win32.ZboCheman.a (v)
TrendMicro WORM_DORKBOT.IF
McAfee-GW-Edition BehavesLike.Win32.Vundo.nc
FireEye Generic.mg.f84178426ab688ea
Emsisoft Gen:Variant.Razy.630038 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan/PornoAsset.gvz
Webroot W32.Malware.Gen
Avira TR/Obfuscate.acgmo
Antiy-AVL Trojan/Generic.ASMalwS.141B98
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft VirTool:Win32/Obfuscator.ACG
Arcabit Trojan.Razy.D99D16
SUPERAntiSpyware Trojan.Agent/Gen-Dofoil
GData Gen:Variant.Razy.630038
TACHYON Trojan/W32.PornoAsset.97280
AhnLab-V3 Trojan/Win32.PornoAsset.R39927
Acronis suspicious
McAfee PWS-Zbot.gen.anq
MAX malware (ai score=94)
VBA32 BScope.Trojan.Downloader
Malwarebytes Trojan.Agent
Panda Trj/Genetic.gen
TrendMicro-HouseCall WORM_DORKBOT.IF
Rising Trojan.Generic@ML.100 (RDML:RbVltyTvMMSFXGLw30Md1A)
Ikarus Worm.Win32.Cridex
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/ZeroAccess.B!tr
AVG Win32:Crypt-NZR [Trj]
Paloalto generic.ml

How to remove VirTool:Win32/Obfuscator.ACG?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
