Should I remove “W32/Autorun-BXQ”?

W32/Autorun-BXQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the W32/Autorun-BXQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify W32/Autorun-BXQ?

File Info:

name: 27A5410D8C47D9E731BB.mlw
path: /opt/CAPEv2/storage/binaries/8e659fdedbed8177dd2cd3e600841c16fc02981ab8c94695f3c5e42f8bcae04a
crc32: EEEC3458
md5: 27a5410d8c47d9e731bbf8ddf676e633
sha1: 2a67425ffb2c6634fe589a506d6f0abff9985d4f
sha256: 8e659fdedbed8177dd2cd3e600841c16fc02981ab8c94695f3c5e42f8bcae04a
sha512: 870e7802d74900d5ad0f5e867c0869a53cc8aea3cc7af9183f8050676c4f8913ca6b47abd6d87381729e2e0ec2739247dd4da9ed44d4afeb61114ef5148000a0
ssdeep: 6144:CaczznqtrZjQCBBvfmge2uXOyDDaX66UEbuGHAceNEFKLrLRKD7ucfnxh4B7yCJ4:CaYnqtti9K5CooEeOniot
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18E54911E7221EB38E43695F2208C03A551EC9977E4DB285FEBCBAA0936F0D976534743
sha3_384: f5c279932b1e60f2c20b6e1fa3247d98599050316601a11c7bbdd75a7b3922c9b087f244a942468a3545641087f3b9be
ep_bytes: 6854484000e8f0ffffff000000000000
timestamp: 2012-06-12 15:41:20

Version Info:

Translation: 0x0409 0x04b0
Comments: Smirkle
CompanyName: facioscapulohumeral Crowbar
FileDescription: prominent mahar sputiamo
LegalCopyright: dentinoblast Hunkerousness Rutch
LegalTrademarks: bleachhouse traverso gaspar
ProductName: flamboyantly unseam
FileVersion: 8.04
ProductVersion: 8.04
InternalName: brklpzhiuxyq
OriginalFilename: brklpzhiuxyq.exe

W32/Autorun-BXQ also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.ljnn
MicroWorld-eScan: Gen:Variant.Sirefef.679
FireEye: Generic.mg.27a5410d8c47d9e7
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.dh
ALYac: Gen:Variant.Sirefef.679
Cylance: unsafe
Zillya: Worm.Vobfus.Win32.1515984
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Worm:Win32/Vobfus.d1442b79
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36804.sm0@a8@j2Pci
VirIT: Worm.Win32.Generic.CCUJ
Symantec: W32.Changeup!gen35
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.VB.AQW
APEX: Malicious
Avast: Win32:Evo-gen [Trj]
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.erof
BitDefender: Gen:Variant.Sirefef.679
NANO-Antivirus: Trojan.Win32.WBNA.covkuw
ViRobot: Trojan.Win32.A.Diple.299008.BAT
Tencent: Worm.Win32.Vobfus.n
Sophos: W32/Autorun-BXQ
Baidu: Win32.Worm.Pronny.d
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.VbCrypt.81
VIPRE: Gen:Variant.Sirefef.679
TrendMicro: WORM_VOBFUS.SMJO
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Sirefef.679 (B)
Paloalto: generic.ml
MAX: malware (ai score=81)
GData: Gen:Variant.Sirefef.679
Jiangmin: Worm.Vobfus.qzgl
Webroot: Trojan.Win32.Diple
Google: Detected
Avira: TR/Dropper.Gen
Varist: W32/Vobfus.BE.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: Win32.Worm.Vobfus.erof
Xcitium: Worm.Win32.Pronny.AK@4ogvoo
Arcabit: Trojan.Sirefef.679
ZoneAlarm: Worm.Win32.Vobfus.erof
Microsoft: Worm:Win32/Vobfus
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.WBNA.R27996
Acronis: suspicious
McAfee: VBObfus.el
VBA32: Malware-Cryptor.VB.gen
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMJO
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!UvgZGdZJFQU
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.W32.Diple.fjsw
Fortinet: W32/VBKrypt.C!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.erof

How to remove W32/Autorun-BXQ?

W32/Autorun-BXQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.