VirTool:Win32/VBInject!DM removal

VirTool:Win32/VBInject!DM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/VBInject!DM virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Swahili
  • Executed a process and injected code into it, probably while unpacking
  • Detects SunBelt Sandbox through the presence of a library
  • Detects Sandboxie through the presence of a library
  • Code injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Harvests information related to installed mail clients
  • Anomalous binary characteristics

How to identify VirTool:Win32/VBInject!DM?


File Info:

crc32: F86D7A67
md5: cf07d73a6d1c68cf1a6ff25e5c64d70d
name: CF07D73A6D1C68CF1A6FF25E5C64D70D.mlw
sha1: 46db0ab04c902cd8e54a9ac179c38e759b7e6891
sha256: 907eb320819f7006a2f69de07f57dc30779355929abfdac29e4a238729abf25f
sha512: 24ab1dc5c9fd4f91422fbf2227178118ad12220c4929e4b9653f1537c5328ebba6522aab0636fd1f4b4a6d07c0df9397366099e2daac832bc066c548e175f860
ssdeep: 3072:D18Xw+IpnPhjWxG9c4Tt4RnpbYTJhRMCq9tUt2rx6:ylIpnPhjWxG9vlhR3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: XBFmED
FileVersion: 10.02.0272
CompanyName: NS
ProductName: Qm3RJaOYw
ProductVersion: 10.02.0272
OriginalFilename: XBFmED.exe

VirTool:Win32/VBInject!DM also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0055e3991 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen1.41608
Cynet: Malicious (score: 100)
ALYac: Gen:Trojan.Heur.ZGY.5
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.34523
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Ransom:Win32/Blocker.30848688
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.a6d1c6
Cyren: W32/VBcrypt.T.gen!Eldorado
Symantec: W32.IRCBot.NG
ESET-NOD32: a variant of Win32/Injector.PIT
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.aitj
BitDefender: Gen:Trojan.Heur.ZGY.5
NANO-Antivirus: Trojan.Win32.Inject.bmsiq
MicroWorld-eScan: Gen:Trojan.Heur.ZGY.5
Tencent: Malware.Win32.Gencirc.114bcc9c
Ad-Aware: Gen:Trojan.Heur.ZGY.5
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.VBInject.IK@1qsu2f
BitDefenderTheta: AI:Packer.254A2CEF15
VIPRE: LooksLike.Win32.Malware!vb (v)
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.cm
FireEye: Generic.mg.cf07d73a6d1c68cf
Emsisoft: Gen:Trojan.Heur.ZGY.5 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Blocker.cpa
Avira: TR/ATRAPS.Gen
Microsoft: VirTool:Win32/VBInject.gen!DM
AegisLab: Trojan.Win32.Blocker.j!c
ZoneAlarm: Trojan-Ransom.Win32.Blocker.aitj
GData: Gen:Trojan.Heur.ZGY.5
McAfee: Artemis!CF07D73A6D1C
MAX: malware (ai score=100)
VBA32: TScope.Trojan.VB
Panda: Trj/CI.A
Rising: Ransom.Blocker!8.12A (CLOUD)
Yandex: Trojan.GenAsa!ZjL3OdBZCmA
Ikarus: Virus.Win32.VBInject
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBInjector.W!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove VirTool:Win32/VBInject!DM?

VirTool:Win32/VBInject!DM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.