
VirTool:Win32/VBInject.AFJ removal guide


VirTool:Win32/VBInject.AFJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What VirTool:Win32/VBInject.AFJ virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Anomalous binary characteristics

How to determine VirTool:Win32/VBInject.AFJ?

File Info:

name: 8FAECB0B8F9FAB924262.mlw
path: /opt/CAPEv2/storage/binaries/20df8a3028108b0842e3d751323c58e60b1c874e51971109d726402ce5ceaf81
crc32: 25291B5B
md5: 8faecb0b8f9fab924262c43f88e66ea9
sha1: 3e8024ced9acc243086e9677241cf4af8d9a5251
sha256: 20df8a3028108b0842e3d751323c58e60b1c874e51971109d726402ce5ceaf81
sha512: f4961a46de7a3d74586daa1128e77423572187e65204b9bb580335218a9202f716b75aabb90d76196857855b3b1c39b9ee8d14effb088820093ccd67360b691e
ssdeep: 6144:Yl9LeGMC/Gr7QxsNlO1SKmU1fXH15WW5xJmf:QwGTGnjOnmU1XHDWWdo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DC74CF2B922BDDA2FE974A71EB4689547FB314A88409F73B24842F1F24637DD1D2134E
sha3_384: a3b01edd9920a9bc63a9737ee790eb98bd4f14158604967a2b3c226579f9d77af797375ea4a26301d74d336010ea4710
ep_bytes: 6860974300e8eeffffff000000000000
timestamp: 2015-11-05 17:47:17

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Najmitan, Isc.
FileDescription: Sestioramen fakoma
ProductName: Ausbissen
FileVersion: 4.03.0007
ProductVersion: 4.03.0007
InternalName: Sestioramen fakoma
OriginalFilename: Sestioramen fakoma.exe

VirTool:Win32/VBInject.AFJ is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Heuristic.File.Generic.00x1!p
Elastic: malicious (high confidence)
DrWeb: Trojan.Kovter.119
MicroWorld-eScan: Gen:Heur.PonyStealer.vm1@ga1eYAki
FireEye: Generic.mg.8faecb0b8f9fab92
CAT-QuickHeal: Trojan.VBObfuscator.GN3
McAfee: GenericATG-FCGF!8FAECB0B8F9F
Cylance: Unsafe
VIPRE: Gen:Heur.PonyStealer.vm1@ga1eYAki
Sangfor: VISUAL BASIC4
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: Trojan:Win32/Kovter.d9e8cb51
K7GW: Trojan ( 0055e3991 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZevbaF.34606.vm1@aa1eYAki
VirIT: Trojan.Win32.Zbot.AJIQ
Cyren: W32/S-fbbcccb2!Eldorado
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/Injector.CLYA
APEX: Malicious
TrendMicro-HouseCall: TROJ_KOVTER.SMMO
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1356174
Kaspersky: Trojan.Win32.Kovter.qjg
BitDefender: Gen:Heur.PonyStealer.vm1@ga1eYAki
NANO-Antivirus: Trojan.Win32.VBKryjetor.dymngf
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b77651
Ad-Aware: Gen:Heur.PonyStealer.vm1@ga1eYAki
Emsisoft: Gen:Heur.PonyStealer.vm1@ga1eYAki (B)
Comodo: TrojWare.Win32.VBKryjetor.DA@61q7nz
Zillya: Downloader.Agent.Win32.287192
TrendMicro: TROJ_KOVTER.SMMO
McAfee-GW-Edition: BehavesLike.Win32.Trojan.fh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S + Troj/Kovter-AM
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.vm1@ga1eYAki
Jiangmin: Trojan.VBKryjetor.cb
Webroot: W32.Rogue.Gen
Google: Detected
Avira: HEUR/AGEN.1206967
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.3E20
ViRobot: Trojan.Win32.Z.Injector.356386
Microsoft: VirTool:Win32/VBInject.AFJ
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
Acronis: suspicious
VBA32: Trojan.VBKryjetor
ALYac: Gen:Heur.PonyStealer.vm1@ga1eYAki
Malwarebytes: Malware.AI.3168961799
Rising: Trojan.Injector!1.B459 (CLASSIC)
Yandex: Trojan.VBKryjetor!tjqEk62BuHk
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.8879374.susgen
Fortinet: W32/Injector.CLVS!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.b8f9fa
Panda: Trj/Genetic.gen

How to remove VirTool:Win32/VBInject.AFJ?

VirTool:Win32/VBInject.AFJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
