Should I remove “VirTool:Win32/VBInject!BW”?

Malware Removal

VirTool:Win32/VBInject!BW is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/VBInject!BW virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify VirTool:Win32/VBInject!BW?

File Info:

name: CB06FB892B18C57732F1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-11-05 17:51:02

Version Info:

CompanyName: CrypT MachinE
FileDescription: Dr.AdNaN
ProductName: xAVx CrYpTeR
FileVersion: 10.00
ProductVersion: 10.00
InternalName: zmncznc
OriginalFilename: zmncznc.exe
Translation: 0x0409 0x04b0

VirTool:Win32/VBInject!BW also known as:

Lionic: Heuristic.File.Generic.00×1!p
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fragtor.114288
ClamAV: Win.Trojan.Refroso-600
CAT-QuickHeal: Virtool.VBInject.E3
McAfee: Artemis!CB06FB892B18
Cylance: Unsafe
VIPRE: Gen:Variant.Fragtor.114288
K7AntiVirus: Trojan ( 004bbec71 )
Alibaba: Trojan:Win32/Refroso.7c9c79cc
K7GW: Trojan ( 004bbec71 )
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.ALO
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Refroso.uot
BitDefender: Gen:Variant.Fragtor.114288
NANO-Antivirus: Trojan.Win32.Bifrose.bxbkmn
Avast: Win32:Spyware-gen [Spy]
Ad-Aware: Gen:Variant.Fragtor.114288
TACHYON: Backdoor/W32.Bifrose.6541
Sophos: Mal/VB-EY
Comodo: TrojWare.Win32.Spy.Zbot.ACF@1rw8rb
DrWeb: Trojan.VbCrypt.68
Zillya: Backdoor.Bifrose.Win32.22464
TrendMicro: BKDR_BIFROS.SMZL
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.cb06fb892b18c577
Emsisoft: Gen:Variant.Fragtor.114288 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Fragtor.114288
Jiangmin: Backdoor/Bifrose.rdr
Webroot: Vir.Tool.Gen
Avira: TR/Dldr.Agent.azs
Antiy-AVL: Trojan/Generic.ASMalwS.C
ViRobot: Backdoor.Win32.Bifrose.23552.I
ZoneAlarm: Trojan.Win32.Refroso.uot
Microsoft: VirTool:Win32/VBInject.gen!BW
Google: Detected
AhnLab-V3: Trojan/Win32.Bifrose.R15329
BitDefenderTheta: Gen:NN.ZevbaCO.34682.amKfaCXG6zii
ALYac: Gen:Variant.Fragtor.114288
MAX: malware (ai score=94)
VBA32: SScope.Trojan.VB.AVx
Malwarebytes: Malware.AI.3151166648
TrendMicro-HouseCall: BKDR_BIFROS.SMZL
Rising: Trojan.Win32.VBInject.abs (CLOUD)
Ikarus: Backdoor.Win32.Bifrose
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AP.19A1CC!tr
AVG: Win32:Spyware-gen [Spy]
Cybereason: malicious.92b18c
Panda: Generic Malware

How to remove VirTool:Win32/VBInject!BW?

VirTool:Win32/VBInject!BW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.