Win32/AutoRun.VB.ASB removal instructions

Win32/AutoRun.VB.ASB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/AutoRun.VB.ASB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/AutoRun.VB.ASB?


File Info:

name: 29BECCFEE2355E3154E0.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-02-10 20:49:49

Version Info:

Translation: 0x0409 0x04b0
ProductName: CISYzv
FileVersion: 1.00
ProductVersion: 1.00
InternalName: cSwVzPXi
OriginalFilename: cSwVzPXi.exe

Win32/AutoRun.VB.ASB is also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Application.Symmi.11352
FireEye: Generic.mg.29beccfee2355e31
CAT-QuickHeal: Worm.VobfusVMF.S20641892
Skyhigh: BehavesLike.Win32.VBObfus.dm
ALYac: Gen:Variant.Application.Symmi.11352
Malwarebytes: Generic.Worm.AutoRun.DDS
Zillya: Worm.Vobfus.Win32.1516073
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2ff7.None
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZevbaF.36802.om0@a8En21fi
VirIT: Trojan.Win32.SHeur4.PZF
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.ASB
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
ClamAV: Win.Trojan.Vobfus-70350
Kaspersky: Worm.Win32.Vobfus.efph
BitDefender: Gen:Variant.Application.Symmi.11352
NANO-Antivirus: Trojan.Win32.VB.rilqj
Avast: Win32:VB-ABEV [Trj]
Tencent: Worm.Win32.Vobfus.n
TACHYON: Worm/W32.WBNA.237568.H
Emsisoft: Gen:Variant.Application.Symmi.11352 (B)
Baidu: Win32.Worm.Pronny.d
F-Secure: Worm.WORM/Vobfus.aqrta
DrWeb: Trojan.VbCrypt.81
VIPRE: Gen:Variant.Application.Symmi.11352
TrendMicro: WORM_VOBFUS.SMAB
Trapmine: malicious.moderate.ml.score
Sophos: Mal/VBCheMan-B
Ikarus: Worm.Win32.Vobfus
Google: Detected
Avira: WORM/Vobfus.aqrta
Varist: W32/Vobfus.AI.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: Worm.Win32.Pronny.AK@4ogvoo
Arcabit: Trojan.Application.Symmi.D2C58
ZoneAlarm: Worm.Win32.Vobfus.efph
GData: Gen:Variant.Application.Symmi.11352
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Menti.R20177
Acronis: suspicious
McAfee: VBObfus.cm
MAX: malware (ai score=73)
VBA32: BScope.Trojan.VB.Diple.01583
Cylance: unsafe
Panda: W32/Vobfus.GEW.worm
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!2B6wK8yPm5k
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
AVG: Win32:VB-ABEV [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.d831376f

How to remove Win32/AutoRun.VB.ASB?

Win32/AutoRun.VB.ASB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
