Malware

VirTool:Win32/VBInject.ADQ!bit removal

Malware Removal

The VirTool:Win32/VBInject.ADQ!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What VirTool:Win32/VBInject.ADQ!bit virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine VirTool:Win32/VBInject.ADQ!bit?



File Info:

name: 2EB64F506A87738738D1.mlw
path: /opt/CAPEv2/storage/binaries/4fc2f8cf7dca455600fbfab67105334bc085d22448ba6b389380e9b6f3dd3f7a
crc32: 23DE5604
md5: 2eb64f506a87738738d156846e2a6f4f
sha1: 7e111db1e55ff37c949eb2740649c720a1bcb481
sha256: 4fc2f8cf7dca455600fbfab67105334bc085d22448ba6b389380e9b6f3dd3f7a
sha512: d1defd150a29ede3ad26a146ad7aecfe877703ecf8792dd633f44737710dbe444a274ecccafa1ea56d39bfcc9e3de3c4f92a07541ea67f641573f0927a749de7
ssdeep: 6144:zkIqT2coTb5G7jAqltLTArPt+/NWeIJBw8vvexs/23U:y7abUoqlt4PtsZSBw8v7h
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CEB4F18AE01522DAE35056F207379DAA5FD03C7989B77D0B59B93B2C0B39B59023313B
sha3_384: 40e0269feea912637c2c2a9228f55f3df3e0074470b8a11cff306bec0a6bd41e4b43a1c99f93cc504a45a761ea9de6a1
ep_bytes: 68c46c4700e8eeffffff000000000000
timestamp: 2018-08-07 10:22:02


Version Info:

Translation: 0x0409 0x04b0
CompanyName: Wonderware
ProductName: Armatures
FileVersion: 7.06.0008
ProductVersion: 7.06.0008
InternalName: dagsvrmeren
OriginalFilename: dagsvrmeren.exe

VirTool:Win32/VBInject.ADQ!bit also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
DrWebBackDoor.Remcos.242
MicroWorld-eScanGen:Heur.PonyStealer.Gm2@e4Cjmfpi
ClamAVWin.Dropper.Remcos-9958868-0
McAfeeFareit-FMC!2EB64F506A87
MalwarebytesGeneric.Malware.AI.DDS
SangforSuspicious.Win32.Save.vb
K7AntiVirusTrojan ( 0053a7281 )
K7GWTrojan ( 0053a7281 )
Cybereasonmalicious.1e55ff
BitDefenderThetaGen:NN.ZevbaF.36722.Gm2@a4Cjmfpi
VirITTrojan.Win32.VBPack_Heur
CyrenW32/VBKrypt.DS.gen!Eldorado
SymantecPacked.Generic.603
ESET-NOD32a variant of Win32/Injector.DZUX
CynetMalicious (score: 100)
KasperskyVHO:Backdoor.Win32.Remcos.gen
BitDefenderGen:Heur.PonyStealer.Gm2@e4Cjmfpi
AvastWin32:TrojanX-gen [Trj]
EmsisoftGen:Heur.PonyStealer.Gm2@e4Cjmfpi (B)
F-SecureHeuristic.HEUR/AGEN.1333844
VIPREGen:Heur.PonyStealer.Gm2@e4Cjmfpi
TrendMicroTrojanSpy.Win32.FAREIT.SMA.hp
McAfee-GW-EditionFareit-FMC!2EB64F506A87
FireEyeGeneric.mg.2eb64f506a877387
SophosMal/FareitVB-T
GDataGen:Heur.PonyStealer.Gm2@e4Cjmfpi
AviraHEUR/AGEN.1333844
Antiy-AVLTrojan/Win32.Injector
ArcabitTrojan.PonyStealer.E46CA9
ZoneAlarmVHO:Backdoor.Win32.Remcos.gen
MicrosoftVirTool:Win32/VBInject.ADQ!bit
GoogleDetected
AhnLab-V3Trojan/Win32.Fareit.R236373
ALYacGen:Heur.PonyStealer.Gm2@e4Cjmfpi
MAXmalware (ai score=89)
Cylanceunsafe
PandaTrj/GdSda.A
TrendMicro-HouseCallTrojanSpy.Win32.FAREIT.SMA.hp
RisingBackdoor.Remcos!8.B89E (TFE:dGZlOgQqVuP3eQaC0w)
YandexTrojan.GenAsa!EsdAKupdLmo
SentinelOneStatic AI – Suspicious PE
FortinetW32/GenKryptik.FGZN!tr
AVGWin32:TrojanX-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)

How to remove VirTool:Win32/VBInject.ADQ!bit?

VirTool:Win32/VBInject.ADQ!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment