Win32/AutoRun.VB.ANF removal

Win32/AutoRun.VB.ANF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/AutoRun.VB.ANF virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32/AutoRun.VB.ANF?

File Info:

name: 8842AF1BAF35A74AC36B.mlw
path: /opt/CAPEv2/storage/binaries/df4dadffb1428a49864640b15bfc9e199141456b44821b3d10fb2260096f8485
crc32: 13E9A712
md5: 8842af1baf35a74ac36beecf44b40c66
sha1: 9c34152e2a2f5c812763d37478ce2cd5c04d1146
sha256: df4dadffb1428a49864640b15bfc9e199141456b44821b3d10fb2260096f8485
sha512: a961464ddb0071b1a62b3f1f79c96170d9484f6dbf934399d26779315b42bf1c4d7b0c92f9ae0b6a662530da5ca03ee5c32e1865a260169dfd518e068f1c9a89
ssdeep: 6144:IYX9pYGCleWt3LFCmwg1HGTs7mObLLWtXi3TqWsH:IGd+mTs7lLLuXig
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19274F636A2A0E75AD815CAF0385E875080399CB534F16B13FACC7A9577B0D8BE227357
sha3_384: f01d4233eb4ea56f93cfd65e5ee2e269557b7147a4895becfe5548f81a4866e9a18dbdc12d9e83c30ad92b3cdbbe91a8
ep_bytes: 68483c4000e8f0ffffff000000000000
timestamp: 2011-10-06 15:04:10

Version Info:

Translation: 0x0409 0x04b0
ProductName: NSpyjv
FileVersion: 1.00
ProductVersion: 1.00
InternalName: DblRPl
OriginalFilename: DblRPl.exe

Win32/AutoRun.VB.ANF also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.Vobfus.o!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.PonyStealer.MLT.1
CAT-QuickHeal: Trojan.Vobfus.gen
Skyhigh: BehavesLike.Win32.VBObfus.fm
McAfee: VBObfus.l
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2ffb3.None
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.baf35a
Baidu: Win32.Trojan.Inject.n
VirIT: Worm.Win32.Generic.BAKH
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ANF
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAC
ClamAV: Win.Trojan.VB-1431
Kaspersky: Worm.Win32.VBNA.axzi
BitDefender: Gen:Heur.PonyStealer.MLT.1
NANO-Antivirus: Trojan.Win32.VB.coonfm
SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
Avast: Win32:VB-YXK [Trj]
Tencent: Trojan.Win32.Koobface.p
TACHYON: Worm/W32.VBNA.344064
Emsisoft: Gen:Heur.PonyStealer.MLT.1 (B)
F-Secure: Worm.WORM/Vobfus.nasm
DrWeb: Trojan.VbCrypt.77
VIPRE: Gen:Heur.PonyStealer.MLT.1
TrendMicro: WORM_VOBFUS.SMAC
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.8842af1baf35a74a
Sophos: Mal/SillyFDC-I
Ikarus: Worm.Win32.WBNA
Google: Detected
Avira: WORM/Vobfus.nasm
Varist: W32/Vobfus.Z.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.995
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: TrojWare.Win32.VB.AVA@4paxk7
Arcabit: Trojan.PonyStealer.MLT.1
ZoneAlarm: Worm.Win32.VBNA.axzi
GData: Gen:Heur.PonyStealer.MLT.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Diple.R13793
Acronis: suspicious
VBA32: Trojan.Varydrop.1322
MAX: malware (ai score=85)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Worm.Vobfus!1.99C7 (CLASSIC)
Yandex: Trojan.GenAsa!GKCFO/sOtbY
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.3A648B!tr
BitDefenderTheta: AI:Packer.887F1D7620
AVG: Win32:VB-YXK [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Worm:Win/Vobfus.e0907f4e

How to remove Win32/AutoRun.VB.ANF?

Win32/AutoRun.VB.ANF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.