Categories: Malware

VirTool:Win32/VBInject removal guide

The VirTool:Win32/VBInject is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/VBInject virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
A system process is generating network traffic likely as a result of process injection
Network activity contains more than one unique useragent.
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Contacts C&C server HTTP check-in (Banking Trojan)
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

rusav1.icu

How to determine VirTool:Win32/VBInject?


File Info:
crc32: FF343BD6md5: 17a1f7e98731df9b74b98accb650d50ename: tt.txtsha1: 64a96c0cfd3884f682b1b56f3e9e1b880849694fsha256: 3ef2a739073edef534d6bbd2c426cf8e2285544d03afe33ce64526f3e5926248sha512: 49ad8edbd470c2fd32a1317288634b6411da106510527117808b3c2eb78685c1ceb69d93eaa2047cabce5bb7da9901a00c10e071f7482d2ee5bb6af231380917ssdeep: 6144:n6Mld0mZO7xKwkN4hzWxXAjHO4aoi8yij67LHMtBhqjeicA:ntlZQxRkN4hyxwbx0ctjbXtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: Copyright xa9.  All rights reserved. OracleInternalName: Crushing Driveclone'sCompanyName: OracleFileDescription: Passmark Sells Pictorial Csv CertcliLegalTrademarks: Copyright xa9.  All rights reserved. OracleComments: Passmark Sells Pictorial Csv CertcliProductName: Crushing Driveclone'sLanguages: EnglishProductVersion: 8.4.48.4PrivateBuild: 8.4.48.4Translation: 0x0409 0x04b0

VirTool:Win32/VBInject also known as:

MicroWorld-eScan	Trojan.GenericKD.32787857
McAfee	RDN/Generic.tfr
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
CrowdStrike	win/malicious_confidence_80% (W)
BitDefender	Trojan.GenericKD.32787857
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
TrendMicro	TROJ_GEN.R002C0PL819
BitDefenderTheta	Gen:NN.ZexaF.33556.tmKfamW3Vdli
Cyren	W32/Trojan.RGRM-4181
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Kryptik.GZIC
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Trojan.GenericKD.32787857
Kaspersky	Trojan.Win32.Fsysna.fyle
NANO-Antivirus	Trojan.Win32.Dwn.gkqqfz
AegisLab	Trojan.Win32.Fsysna.tqXg
Endgame	malicious (moderate confidence)
Sophos	Mal/Generic-S
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Trojan.TR/Crypt.XPACK.knbgg
DrWeb	Trojan.DownLoader30.50412
Zillya	Trojan.Fsysna.Win32.19052
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.17a1f7e98731df9b
Emsisoft	Trojan.GenericKD.32787857 (B)
SentinelOne	DFI – Suspicious PE
Jiangmin	Trojan.Fsysna.koi
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.XPACK.knbgg
Antiy-AVL	Trojan/Win32.Fsysna
Microsoft	VirTool:Win32/VBInject
Arcabit	Trojan.Generic.D1F44D91
AhnLab-V3	Malware/Win32.Generic.C3613566
ZoneAlarm	Trojan.Win32.Fsysna.fyle
Acronis	suspicious
VBA32	Trojan.Fsysna
ALYac	Trojan.Agent.Fsysna
MAX	malware (ai score=100)
Ad-Aware	Trojan.GenericKD.32787857
Malwarebytes	Trojan.Renard
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0PL819
Yandex	Trojan.Fsysna!
Ikarus	Trojan-Ransom.GandCrab
Fortinet	W32/Fsysna.EXCTUKW!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.0ad