Win32/AutoRun.VB.TH removal

Win32/AutoRun.VB.TH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/AutoRun.VB.TH virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/AutoRun.VB.TH?


File Info:

name: 17C40DE79F0186C6F21C.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-09-03 13:12:23

Version Info:

Translation: 0x0409 0x04b0
FileVersion: 8.91
ProductVersion: 8.91

Win32/AutoRun.VB.TH also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBKrypt.32
FireEye: Generic.mg.17c40de79f0186c6
CAT-QuickHeal: Worm.WbnaMF.S19993800
Skyhigh: BehavesLike.Win32.VBObfus.dm
ALYac: Gen:Variant.VBKrypt.32
Malwarebytes: Malware.AI.4215081361
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan-Downloader ( 001ff72a1 )
K7GW: Trojan-Downloader ( 001ff72a1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.12B7124620
VirIT: Trojan.Win32.SHeur3.AYBO
Symantec: W32.Changeup!gen10
ESET-NOD32: Win32/AutoRun.VB.TH
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.WBNA.ipa
BitDefender: Gen:Variant.VBKrypt.32
NANO-Antivirus: Trojan.Win32.WBNA.dzslom
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b24c21
Emsisoft: Gen:Variant.VBKrypt.32 (B)
Baidu: Win32.Worm.VB.al
F-Secure: Worm:W32/Vobfus.CL
DrWeb: Win32.HLLW.Autoruner.27925
VIPRE: Gen:Variant.VBKrypt.32
TrendMicro: WORM_ESFURY.SMA
Trapmine: malicious.moderate.ml.score
Sophos: Mal/SillyFDC-D
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=88)
GData: Gen:Variant.VBKrypt.32
Jiangmin: Trojan/Jorik.gmxa
Google: Detected
Avira: TR/Drop.Agent.chl
Varist: W32/Vobfus.I.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Xcitium: TrojWare.Win32.VBKrypt.2@22yg5l
Arcabit: Trojan.VBKrypt.32
ZoneAlarm: Worm.Win32.WBNA.ipa
Microsoft: Worm:Win32/Vobfus.AH
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP03.X1850
McAfee: Downloader-CJX.gen.j
TACHYON: Trojan/W32.VB-Jorik.229376
VBA32: Trojan.Tibs
Cylance: unsafe
Panda: Generic Malware
TrendMicro-HouseCall: WORM_ESFURY.SMA
Rising: Worm.Vobfus!8.10E (TFE:3:sXvKd8bQBOL)
Yandex: Trojan.GenAsa!hh2Tavay2ZU
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.5496659.susgen
Fortinet: W32/VBObfus.CJX!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan.Win.UnkAgent

How to remove Win32/AutoRun.VB.TH?

Win32/AutoRun.VB.TH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
