Malware

Vundo.6 (B) removal

Malware Removal

Vundo.6 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Vundo.6 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Vundo.6 (B)?

File Info:

name: 36C6E1625C35AF6ABB4B.mlw
path: /opt/CAPEv2/storage/binaries/295741888fa3cb0959bd74af522707e1739ccda338829b1e9cca82902a6a65cf
crc32: 95BB9E17
md5: 36c6e1625c35af6abb4b74e230ccc05c
sha1: 57a23e42430bb09d2ca8778e2e34904e69024fea
sha256: 295741888fa3cb0959bd74af522707e1739ccda338829b1e9cca82902a6a65cf
sha512: 71c69bf5cfcd4bdd0e4c1b5de1e96cffbc78b6cb736aef234a42970869413003ceac0cde35f95cdda6a04b0ab5704fafe07e35f7f88d95a53320df437a851b1c
ssdeep: 49152:9KqV09n5POdXK0oorYZaMGH4PjbxUrJRXb3kf6Y92r/Z2rEsnlrX8TjFJspDLoVa:9ZVCgPST/xUDrkjMr/04sVXSFJspDLOa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FCD522066790CEA1F25FD17247E0AF3476732A203733CA4A6A4855381BF5E5FFBA1186
sha3_384: 32bfcc003d98e8d468c5a8867dcf9c9a423b7391a82ab1f9333ec278561ef993a44361ca5adfe461d063a9a7a13781c1
ep_bytes: 558bec6aff68f8204000685018400064
timestamp: 2012-08-29 06:22:26

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Hotfix Package
FileVersion: 1
InternalName: SFXCAB.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SFXCAB.EXE
ProductName: Windows Server 2003 Family
ProductVersion: 6.2.0029.0
Build Date: 2005/11/23
Applies to: Windows Server 2003 Service Pack 1
Installation Type: Full
Installer Version: 6.2.29.0
Installer Engine: update.exe
KB Article Number: 910906
Support Link: http://support.microsoft.com?kbid=910906
Package Type: Hotfix
Proc. Architecture: x86
Self-Extractor Version: SFXCAB v6.2.29.0
Translation: 0x0804 0x04b0

Vundo.6 (B) also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject2.58694
Cynet: Malicious (score: 100)
CAT-QuickHeal: TrojanToga.MUE.R9
McAfee: PWSZbot-FIB!36C6E1625C35
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 003dc1641 )
K7GW: Trojan ( 003dc1641 )
Cybereason: malicious.25c35a
Cyren: W32/S-24f4c04b!Eldorado
Symantec: W32.Faedevour!inf
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PYF
APEX: Malicious
ClamAV: Win.Malware.Bzub-9969513-0
Kaspersky: Backdoor.Win32.Androm.qxe
BitDefender: Gen:Variant.Vundo.6
NANO-Antivirus: Trojan.Win32.Androm.ctymsi
MicroWorld-eScan: Gen:Variant.Vundo.6
Avast: Win32:Zbot-THZ [Trj]
Tencent: Backdoor.Win32.Androm.qxe
Emsisoft: Gen:Variant.Vundo.6 (B)
F-Secure: Trojan.TR/Dropper.Gen
Baidu: Win32.Trojan-Dropper.Injector.f
VIPRE: Gen:Variant.Vundo.6
McAfee-GW-Edition: PWSZbot-FIB!36C6E1625C35
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.36c6e1625c35af6a
Sophos: Troj/Mdrop-JIJ
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.PSE.10YPZ2S
Jiangmin: TrojanDropper.Daws.byh
Avira: TR/Dropper.Gen
MAX: malware (ai score=86)
Antiy-AVL: Trojan[Backdoor]/Win32.Androm.qxe
Xcitium: TrojWare.Win32.Toga.PYF@7g9q1h
Arcabit: Trojan.Vundo.6
ViRobot: Win32.Daws.B
ZoneAlarm: Backdoor.Win32.Androm.qxe
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Androm.C975497
VBA32: BScope.Trojan.Autoit
ALYac: Gen:Variant.Vundo.6
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Dropper.Agent!1.AF79 (CLASSIC)
Yandex: Trojan.GenAsa!zFH4sqyAwHU
Ikarus: Backdoor.Win32.Androm
MaxSecure: Trojan.WIN32.msil.pse.1jjgixk_223201
Fortinet: W32/Agent.PYF!tr
AVG: Win32:Zbot-THZ [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Vundo.6 (B)?

Vundo.6 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.