
VirTool:Win32/VBInject!LD removal instructions

VirTool:Win32/VBInject!LD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/VBInject!LD virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (11 unique times)
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Attempts to modify proxy settings
  • Creates a copy of itself

Related domains:


How to identify VirTool:Win32/VBInject!LD?


File Info:

crc32: CE671BCC
md5: 8a8ac98289e0b8b517e6b11a5dc59a0c
name: 8A8AC98289E0B8B517E6B11A5DC59A0C.mlw
sha1: 4e9a97ed39b319c1bfebc245b3cbf4ff9a4e009c
sha256: 2c28c0f953c475863b87e8f95777dfe61b99395a0b4251123163e2ff4fae8e50
sha512: 715a17d2bc62b8f1de8aabe898d31eff2bb422b562af66f205ec219f0cad5975dee679d5b1c4bd86e906d15a7bb3917ff1d217199f33353c8be3a1097bb1deab
ssdeep: 1536:bQxRj7kq83J800R6W0yoRmpElkeQy4I9QrduUykU7VvnDFk8zWGd/OsKSOEfKvDK:bMRX/0FJ4fr8DFk8cSBkOSAlZwajZ
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

Translation: 0x0409 0x04b0
InternalName: bytele
FileVersion: 2.01
CompanyName: loofnbdfe
ProductName: dfgtyhnjhgf
ProductVersion: 2.01
OriginalFilename: bytele.exe

VirTool:Win32/VBInject!LD also known as:

Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen1.10855
MicroWorld-eScan Trojan.Encpk.Gen.4
FireEye Generic.mg.8a8ac98289e0b8b5
CAT-QuickHeal Worm.Gamarue.I3
McAfee PWSZbot-FMF!8A8AC98289E0
Cylance Unsafe
VIPRE Trojan.Win32.Fareit.sr (v)
Sangfor Malware
K7AntiVirus Password-Stealer ( 0040f69f1 )
BitDefender Trojan.Encpk.Gen.4
K7GW Password-Stealer ( 0040f69f1 )
Cybereason malicious.289e0b
TrendMicro TSPY_ZBOT.SMUL
BitDefenderTheta Gen:NN.ZevbaF.34634.im3@ay3p5uji
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Downloader-UPK [Trj]
Rising Trojan.DL.Win32.Wauchos.cc (CLASSIC)
Ad-Aware Trojan.Encpk.Gen.4
Emsisoft Trojan.Encpk.Gen.4 (B)
Comodo TrojWare.Win32.Injector.AQJJ@54nbeb
F-Secure Trojan:W32/Emotet.B
Invincea ML/PE-A + Troj/Agent-ADBJ
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Sophos Troj/Agent-ADBJ
SentinelOne Static AI – Malicious PE
Jiangmin Trojan/PSW.Fareit.cjf
Webroot W32.Rogue.Gen
Avira HEUR/AGEN.1118219
MAX malware (ai score=89)
Antiy-AVL Trojan[PSW]/Win32.Fareit
Microsoft VirTool:Win32/VBInject.gen!LD
Gridinsoft Malware.Win32.Pack.37229!se
Arcabit Trojan.Encpk.Gen.4
GData Trojan.Encpk.Gen.4
Cynet Malicious (score: 100)
VBA32 TrojanPSW.Fareit
ALYac Trojan.Encpk.Gen.4
Malwarebytes Trojan.Downloader
Panda Trj/Fareit.A
Zoner Trojan.Win32.20075
ESET-NOD32 a variant of Win32/Injector.ARJI
TrendMicro-HouseCall TSPY_ZBOT.SMUL
Tencent Malware.Win32.Gencirc.10c5bf3f
Yandex Trojan.GenAsa!sTWABK0A5Wc
Ikarus Trojan.VB.Inject
Fortinet W32/Injector.ATCM!tr
AVG Win32:Downloader-UPK [Trj]
CrowdStrike win/malicious_confidence_90% (D)
Qihoo-360 HEUR/QVM18.1.44A7.Malware.Gen

How to remove VirTool:Win32/VBInject!LD?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
