Win32/AutoRun.VB.AQW information

The Win32/AutoRun.VB.AQW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/AutoRun.VB.AQW virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Expresses interest in specific running processes
Reads data out of its own binary image
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to disable Windows Auto Updates
Creates a slightly modified copy of itself
Anomalous binary characteristics
Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

ns1.musiczipz.com

ns1.musicmixa.net

ns1.musicmixa.org

ns1.musicmixb.co

ns1.musicmixc.com

How to determine Win32/AutoRun.VB.AQW?


File Info:
crc32: 2ABB136E
md5: 5dbd1bfaa9b210a70feddfbde8e560fd
name: 5DBD1BFAA9B210A70FEDDFBDE8E560FD.mlw
sha1: 2840509214c1cb143fd40bdbee08f8cd6fb2c84f
sha256: 229b4e1dc83c95c44436018c2abaa09707d73efff38dceed4580177db9551b80
sha512: 109c89cbf9eaf9779dd8fa95079793bdda51d4789d542e7688bcf607eb6acf99ac86be7afc18ac76c070c0a83873416c9c984ab19dba3c97b37a703f8a034268
ssdeep: 1536:jxVVLz2cGCyFLAx4cd9Lv2PElgWEVNoN274B/K51ptaHElfTczp6Far2/AgAISF:9LyH9Up+ZVNoN2N04A1
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/AutoRun.VB.AQW also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.VBInject.11
FireEye	Generic.mg.5dbd1bfaa9b210a7
ALYac	Gen:Variant.VBInject.11
Cylance	Unsafe
VIPRE	Worm.Win32.Vobfus.fi (v)
Sangfor	Malware
K7AntiVirus	EmailWorm ( 0054d10f1 )
BitDefender	Gen:Variant.VBInject.11
K7GW	EmailWorm ( 0054d10f1 )
Cybereason	malicious.aa9b21
BitDefenderTheta	Gen:NN.ZevbaF.34804.nmW@amC4psd
Cyren	W32/Vobfus.AV.gen!Eldorado
Symantec	W32.Changeup
ESET-NOD32	Win32/AutoRun.VB.AQW
Baidu	Win32.Worm.VB.lf
APEX	Malicious
Avast	Win32:VB-ADDH [Trj]
ClamAV	Win.Trojan.Changeup-6169544-0
Kaspersky	Trojan.Win32.Jorik.Vobfus.ekue
NANO-Antivirus	Trojan.Win32.Jorik.eijubo
Ad-Aware	Gen:Variant.VBInject.11
Sophos	ML/PE-A + W32/Vobfus-AY
F-Secure	Trojan.TR/Jorik.ektcya
DrWeb	Win32.HLLW.Autoruner1.16646
TrendMicro	WORM_VOBFUS.SMK7
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.dt
Emsisoft	Gen:Variant.VBInject.11 (B)
Ikarus	Worm.Win32.Vobfus
Jiangmin	Trojan/Vobfus.ngv
eGambit	Unsafe.AI_Score_100%
Avira	TR/Jorik.ektcya
MAX	malware (ai score=88)
Antiy-AVL	Worm/Win32.WBNA.gen
Microsoft	Worm:Win32/Vobfus.FI
Arcabit	Trojan.VBInject.11
SUPERAntiSpyware	Trojan.Agent/Gen-Vobfus
AhnLab-V3	Trojan/Win32.Jorik.C644758
ZoneAlarm	Trojan.Win32.Jorik.Vobfus.ekue
GData	Gen:Variant.VBInject.11
Cynet	Malicious (score: 100)
TotalDefense	Win32/Vobfus.AID
Acronis	suspicious
McAfee	VBObfus.dv
TACHYON	Trojan/W32.VB-Jorik.217088.G
VBA32	TScope.Trojan.VB
Malwarebytes	Vobfus.Worm.Evasion.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	WORM_VOBFUS.SMK7
Rising	Worm.Vobfus!8.10E (TFE:3:pv4i9dZscLJ)
Yandex	Trojan.GenAsa!84xBAroWknk
SentinelOne	Static AI – Malicious PE – Worm
MaxSecure	Worm.VBNA.b
Fortinet	W32/Jorik.EGLG!tr
AVG	Win32:VB-ADDH [Trj]
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	HEUR/QVM03.0.061F.Trojan.Win32.Jorik

How to remove Win32/AutoRun.VB.AQW?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/AutoRun.VB.AQW information