What is "VirTool:Win32/VBInject.AGW"?

The VirTool:Win32/VBInject.AGW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/VBInject.AGW virus can do?

Executable code extraction
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine VirTool:Win32/VBInject.AGW?


File Info:
crc32: 3FC643A4
md5: 2b5aa4058dc90be599879439514308e0
name: 2B5AA4058DC90BE599879439514308E0.mlw
sha1: 9e7508b7545e696f44b8f46588f612e5e01391e4
sha256: dc2acd5e532375313e23213236a19f7ce4264bb66ec7baa39e31013d304122d5
sha512: 1d49f4d345364c9b7752c11603a9a00d2cf9da5beb8d1ee3f062ea94da7435aa420e360852abe76e46e0793902b7645f4e309f4c530d436dff86549280734d94
ssdeep: 768:xIDvv40bQFMe5xX4qBcwa+373Qc9pgmvH8SH2sJ560aiV8PimrTevv:30Q9rX4qBcwag7t2z0aiV8amrT
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: Romes
FileVersion: 3.07.0016
CompanyName: flasH  
LegalTrademarks: ariation in placental morphology and refers a placenta separated
Comments: ariation in placental morphology and refers a placenta separated
ProductName: BoperJokas
ProductVersion: 3.07.0016
FileDescription: ariation in placental morphology and refers a placenta separated
OriginalFilename: Romes.exe

VirTool:Win32/VBInject.AGW also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.31297399
FireEye	Generic.mg.2b5aa4058dc90be5
CAT-QuickHeal	Trojan.VBCrypt.MF.136
Qihoo-360	Win32/Trojan.Ransom.eec
McAfee	Trojan-FJJV!2B5AA4058DC9
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Shade.j!c
Sangfor	Malware
K7AntiVirus	Trojan ( 00512ddb1 )
BitDefender	Trojan.GenericKD.31297399
K7GW	Trojan ( 00512ddb1 )
Cybereason	malicious.58dc90
BitDefenderTheta	Gen:NN.ZevbaF.34804.hm0@a0Bpys
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.DIUW
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Mansabo-6611665-0
Kaspersky	Trojan-Ransom.Win32.Shade.lhr
Alibaba	Ransom:Win32/Shade.363ef25a
NANO-Antivirus	Trojan.Win32.Shade.ejshaa
Rising	Ransom.Shade!8.12CC (TFE:3:rc0CzUCvwLS)
Ad-Aware	Trojan.GenericKD.31297399
Sophos	Mal/Generic-S
Comodo	Malware@#3a954oq2ba0tr
F-Secure	Heuristic.HEUR/AGEN.1123157
DrWeb	Trojan.DownLoader22.63827
Zillya	Trojan.Injector.Win32.590651
TrendMicro	TROJ_VBINJECT_HD200444.UVPM
McAfee-GW-Edition	BehavesLike.Win32.Generic.ct
Emsisoft	Trojan.GenericKD.31297399 (B)
Ikarus	Trojan.Win32.Injector
Jiangmin	Trojan.Shade.dm
Avira	HEUR/AGEN.1123157
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.Shade
Microsoft	VirTool:Win32/VBInject.AGW
Arcabit	Trojan.Generic.D1DD8F77
AhnLab-V3	Trojan/Win32.Androm.C1709478
ZoneAlarm	Trojan-Ransom.Win32.Shade.lhr
GData	Win32.Trojan-Spy.BrickTot.A
Cynet	Malicious (score: 85)
VBA32	Hoax.Shade
ALYac	Trojan.GenericKD.31297399
Malwarebytes	Trojan.Injector
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_VBINJECT_HD200444.UVPM
Tencent	Malware.Win32.Gencirc.10ba6759
Yandex	Trojan.GenAsa!grxS6JsVJoY
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Injector.DIUW!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (D)

How to remove VirTool:Win32/VBInject.AGW?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “VirTool:Win32/VBInject.AGW”?