Categories: Malware

VirTool:Win32/VBInject!CW removal instruction

The VirTool:Win32/VBInject!CW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/VBInject!CW virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process created a hidden window
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Detects Sandboxie through the presence of a library
Code injection with CreateRemoteThread in a remote process
Sniffs keystrokes
Installs itself for autorun at Windows startup
Creates a hidden or system file
Checks for the presence of known devices from debuggers and forensic tools
Creates known SpyNet mutexes and/or registry changes.
Anomalous binary characteristics

Related domains:

www.server.com

How to determine VirTool:Win32/VBInject!CW?


File Info:
crc32: C2192630md5: 2a10498cc72e9efb41e79473be13fb51name: 2A10498CC72E9EFB41E79473BE13FB51.mlwsha1: eba1832a49350d78bdc494913a14644ed5d15920sha256: fd5c8eea95dba4d2f18644066dced85df589ecb9be04f2078aef9c4109d74eacsha512: 6cb36d9604fb4854edd851bf3123f498386b9cad335d8e777d5e14d84cf1b2969f8071f3d7c1d11e86c7ac4a6ee3f51bf6faf09bdca6d11e4f7dad4830ffca5dssdeep: 6144:TXNe7q3/7S6htCthSlb5Oqpq0Bss9s+v2sT3GPX5rOgoBS9KT2itelv:LES/7S6PCCOAEsFWxSgoc9KT2itelvtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
ProductVersion: 1.00InternalName: Version RewriteFileVersion: 1.00OriginalFilename: Version Rewrite.exeProductName: Microsoft PictureTranslation: 0x0409 0x04b0

VirTool:Win32/VBInject!CW also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
ClamAV	Win.Worm.Carrier-276
FireEye	Generic.mg.2a10498cc72e9efb
CAT-QuickHeal	Trojan.Spesr
McAfee	GenericRXEN-DG!2A10498CC72E
Cylance	Unsafe
VIPRE	LooksLike.Win32.Malware!vb (v)
AegisLab	Trojan.Win32.VB.l4bq
Sangfor	Malware
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Gen:Heur.Spesr.VB.1
K7GW	EmailWorm ( 003c363a1 )
K7AntiVirus	EmailWorm ( 003c363a1 )
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Cynet	Malicious (score: 100)
Kaspersky	Worm.Win32.Carrier.mj
Alibaba	Worm:Win32/Carrier.ae321f72
NANO-Antivirus	Trojan.Win32.Sdbot.covkxe
ViRobot	Worm.Win32.A.Carrier.393216
MicroWorld-eScan	Gen:Heur.Spesr.VB.1
Ad-Aware	Gen:Heur.Spesr.VB.1
Emsisoft	Gen:Heur.Spesr.VB.1 (B)
Comodo	TrojWare.Win32.VBInject.IK@1qsu2f
DrWeb	BackDoor.IRC.Sdbot.4723
TrendMicro	TROJ_GEN.R002C0DAI21
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.fc
Sophos	ML/PE-A + Mal/Nyrate-B
Ikarus	Worm.Win32.Carrier
Jiangmin	Worm/Carrier.ud
Avira	TR/Dropper.Gen
MAX	malware (ai score=84)
Antiy-AVL	Worm/Win32.Carrier
Microsoft	VirTool:Win32/VBInject.gen!CW
Arcabit	Trojan.Spesr.VB.1
ZoneAlarm	Worm.Win32.Carrier.mj
GData	Gen:Heur.Spesr.VB.1
AhnLab-V3	Worm/Win32.Carrier.C56702
BitDefenderTheta	AI:Packer.233397301F
ALYac	Gen:Heur.Spesr.VB.1
VBA32	BScope.Trojan.Buzus
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/StartPage.DAW
ESET-NOD32	a variant of Win32/Injector.CRM
TrendMicro-HouseCall	TROJ_GEN.R002C0DAI21
Rising	Trojan.VbUndef!1.99F7 (CLOUD)
Yandex	Trojan.GenAsa!KOemUzLjwY4
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VBInjector.W!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.cc72e9
Paloalto	generic.ml
Qihoo-360	Malware.Radar01.Gen