Win32/Injector.ERBQ removal instruction

Win32/Injector.ERBQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.ERBQ virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • HTTPS URLs from behavior
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Win32/Injector.ERBQ?

File Info:

name: E0CEE86BCF998E0024E1.mlw
path: /opt/CAPEv2/storage/binaries/50f2555bb6985fb1953d31eb7af65be8ac857bb0c861d758b8932d591d8342c6
crc32: B2EB80E4
md5: e0cee86bcf998e0024e132c152d034b9
sha1: c2b9f6ee4f26d391490ca568ac3366320dfc4d67
sha256: 50f2555bb6985fb1953d31eb7af65be8ac857bb0c861d758b8932d591d8342c6
sha512: c602b7a45972e54bf420ad6d5e896738a051530ef5019545283e6dc9a1a711ff80779921b5fe23549afa57b7c912b76b5e597fdb49d0ca982f0bd2a9278f7754
ssdeep: 24576:eLRrWBV/skQ9A9bzoWl5Iit6jeThkB0tVSn52ozSXtS7vP:eL+sWPT+cSn52omXtSL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13705AF23F7804437D0B719788C5B56B4997ABE102E24E88B37E5DF0C4FF92517A2A297
sha3_384: 8e71538cb8f8a0b0ad0c416bb5572b28eb2536cf1e46b44b1eb11eebce6f3415cfab21157327d99379de39b04077b7cb
ep_bytes: 558bec83c4f053b8a8a04700e81ba8f8
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Igor Pavlov
FileDescription: Word File Manager
FileVersion: 21.02 alpha
InternalName: 7zFM
LegalCopyright: Copyright (c) 1999-2021 Igor Pavlov
OriginalFilename: FM.DOC
ProductName: Zip
ProductVersion: 21.02 alpha
Translation: 0x0409 0x04b0

Win32/Injector.ERBQ also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Noon.l!c
Cynet: Malicious (score: 100)
FireEye: Trojan.GenericKD.48296465
McAfee: GenericRXRR-VP!E0CEE86BCF99
Cylance: Unsafe
Sangfor: Spyware.Win32.Noon.gen
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.bcf998
VirIT: Trojan.Win32.PSWStealer.DFP
Cyren: W32/Androm.CH.gen!Eldorado
Symantec: Packed.Generic.516
ESET-NOD32: a variant of Win32/Injector.ERBQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.Win32.Androm.gen
BitDefender: Trojan.GenericKD.48296465
MicroWorld-eScan: Trojan.GenericKD.48296465
Avast: Win32:BackdoorX-gen [Trj]
Ad-Aware: Trojan.GenericKD.48296465
Sophos: Mal/Generic-S
DrWeb: Trojan.Siggen16.40160
McAfee-GW-Edition: BehavesLike.Win32.Worm.cc
Emsisoft: Trojan.Injector (A)
GData: Trojan.GenericKD.48296465
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Spynoon.PR!MTB
AhnLab-V3: Trojan/Win.Generic.C4960410
BitDefenderTheta: Gen:NN.ZelphiF.34212.ZK0@a4CYSaai
ALYac: Trojan.GenericKD.48296465
MAX: malware (ai score=83)
VBA32: TScope.Trojan.Delf
Malwarebytes: Trojan.MalPack.DLF
TrendMicro-HouseCall: TROJ_GEN.F0D1C00B822
Rising: Malware.FakeXLS/ICON!1.6AC3 (CLOUD)
Yandex: Trojan.Injector!8GCMsWs02FU
Fortinet: W32/Injector.ENEX!tr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/Injector.ERBQ?

Win32/Injector.ERBQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.