Win32/AutoRun.VB.ALG information

Win32/AutoRun.VB.ALG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/AutoRun.VB.ALG virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/AutoRun.VB.ALG?


File Info:

name: D63C26D2517735B044D7.mlw
path: /opt/CAPEv2/storage/binaries/786a3bdbab5123ee0195fc46f5461dc1733e79ce61a8255c979daff3876515c5
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-09-08 04:59:48

Version Info:

Translation: 0x0409 0x04b0
ProductName: vNNWecMvVGoiqgO
FileVersion: 1.00
ProductVersion: 1.00
InternalName: JJgzUTcJTYTJBuZrqU
OriginalFilename: JJgzUTcJTYTJBuZrqU.exe

Win32/AutoRun.VB.ALG also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:VB-YCO [Trj]
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Conjar.1
FireEye: Generic.mg.d63c26d2517735b0
CAT-QuickHeal: Trojan.Vobfus.gen
Skyhigh: BehavesLike.Win32.VBObfus.cm
McAfee: VBObfus.bb
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2ff3a.None
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.251773
BitDefenderTheta: AI:Packer.EE83060C20
VirIT: Worm.Win32.Generic.AYUC
Symantec: W32.Changeup!gen15
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ALG
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Worm.VB-1578
Kaspersky: Worm.Win32.Vobfus.eflc
BitDefender: Gen:Heur.Conjar.1
NANO-Antivirus: Trojan.Win32.WBNA.cqkybs
SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
Avast: Win32:VB-YCO [Trj]
Tencent: Trojan.Win32.Koobface.p
TACHYON: Worm/W32.Vobfus.159744.J
Emsisoft: Gen:Heur.Conjar.1 (B)
Baidu: Win32.Worm.Pronny.d
F-Secure: Worm.WORM/VBNA.azrc
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Heur.Conjar.1
TrendMicro: WORM_VOBFUS.SMAC
Trapmine: malicious.moderate.ml.score
Sophos: Mal/VB-ABH
Ikarus: Worm.Win32.WBNA
Webroot: W32.Trojan.Diple.Gen
Varist: W32/Vobfus.V.gen!Eldorado
Avira: WORM/VBNA.azrc
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Autorun
Xcitium: TrojWare.Win32.VB.AVA@4paxk7
Arcabit: Trojan.Conjar.1
ZoneAlarm: Worm.Win32.Vobfus.eflc
GData: Gen:Heur.Conjar.1
Google: Detected
AhnLab-V3: Trojan/Win32.Diple.R13793
Acronis: suspicious
VBA32: BScope.Trojan.Diple
MAX: malware (ai score=81)
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMAC
Rising: Worm.Vobfus!1.99C7 (CLASSIC)
Yandex: Trojan.GenAsa!LnCKraEN0GM
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/AutoRun.VB.ALG?

Win32/AutoRun.VB.ALG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
