Should I remove "Win32/AutoRun.VB.GC"?

The Win32/AutoRun.VB.GC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/AutoRun.VB.GC virus can do?

Executable code extraction
Creates RWX memory
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Creates a hidden or system file
Network activity detected but not expressed in API logs
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/AutoRun.VB.GC?


File Info:
crc32: 662FFFF6
md5: 06bad122fb459a3c2ca79df06a30e2b3
name: 06BAD122FB459A3C2CA79DF06A30E2B3.mlw
sha1: 73ccfd9933a55c92678e5d124a1af7c8ddf7de76
sha256: 2b530553421782ff9ce8f81474695ea3a6b81f5f44249621e3c54c51742911d9
sha512: 98d4e93b154e8a2a6c98787508b8529cc9c90e320c6b90cab23e40a5e432eb20537f024d2e8033ba0e5fd9df4609290070cdbe8ca521d4a7f7ef2309706b42f4
ssdeep: 768:nVMoUHXFHq9scwbHP2jI6svfjGq9tWKtGErwSKVIJuYO41HmzHp7Z6T1os:nkHFq9scwbV6snjG1KtGErPn71H4YTys
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0804 0x04b0
InternalName: EXPL0RER
FileVersion: 192.168.0001
CompanyName: x5faex8f6fx4e2dx56fd
ProductName: winlog
ProductVersion: 192.168.0001
OriginalFilename: EXPL0RER.exe

Win32/AutoRun.VB.GC also known as:

K7AntiVirus	Hacktool ( 005286401 )
Elastic	malicious (high confidence)
DrWeb	Worm.Siggen.95
ClamAV	Win.Worm.Lamer-6726356-0
CAT-QuickHeal	Worm.AutorunVMF.S21201167
McAfee	W32/Autorun.worm.ie
Cylance	Unsafe
Zillya	Worm.VB.Win32.466
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Hacktool ( 005286401 )
Cybereason	malicious.2fb459
Baidu	Win32.Virus.Hehe.a
Cyren	W32/Worm.JLLC-3392
Symantec	W32.SillyFDC
ESET-NOD32	Win32/AutoRun.VB.GC
APEX	Malicious
Avast	Win32:AutoRun-JW
Cynet	Malicious (score: 100)
Kaspersky	Virus.Win32.Lamer.cw
BitDefender	Gen:Trojan.Malware.em0@aa2Kuycb
NANO-Antivirus	Trojan.Win32.VB.jzde
ViRobot	Worm.Win32.VB.69632.U
MicroWorld-eScan	Gen:Trojan.Malware.em0@aa2Kuycb
Tencent	Trojan.Win32.VB.bex
Ad-Aware	Gen:Trojan.Malware.em0@aa2Kuycb
Sophos	ML/PE-A + Mal/Generic-E
Comodo	Worm.Win32.Agent.~MA@1346u
BitDefenderTheta	AI:Packer.51E701591C
TrendMicro	PE_LAMER.K-O
McAfee-GW-Edition	W32/Autorun.worm.ie
FireEye	Generic.mg.06bad122fb459a3c
Emsisoft	Gen:Trojan.Malware.em0@aa2Kuycb (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Virus.Win32.Lamer.a
Avira	TR/Dropper.Gen
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASBOL.B13
Kingsoft	Win32.Infected.AutoInfector.a.(kcloud)
Microsoft	Worm:Win32/Autorun.AER
Arcabit	Trojan.Malware.E3E5AA
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
GData	Gen:Trojan.Malware.em0@aa2Kuycb
TACHYON	Trojan/W32.VB-Agent.69632.NO
AhnLab-V3	Trojan/Win32.Agent.R148495
VBA32	Virus.Lamer.26219
MAX	malware (ai score=85)
Malwarebytes	Worm.AutoRun
Panda	W32/Autorun.ZZ.worm
TrendMicro-HouseCall	PE_LAMER.K-O
Rising	Virus.Lamer!1.9B79 (CLASSIC)
Yandex	Trojan.GenAsa!JNeVVLDZ8Jo
Ikarus	Worm.Win32.AutoRun
MaxSecure	Virus.W32.Lamer.CW
Fortinet	W32/Lamer.CW!tr
AVG	Win32:AutoRun-JW
Qihoo-360	Win32/Virus.VBViking.HwMAqPEA

How to remove Win32/AutoRun.VB.GC?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Win32/AutoRun.VB.GC”?