Win32/Injector.ZVH removal instruction

Win32/Injector.ZVH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.ZVH virus do?

  • HTTPS URLs observed in behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Win32/Injector.ZVH?

File Info:

name: AF9EF4C0FF00B1EBBD40.mlw
path: /opt/CAPEv2/storage/binaries/a1de2b3ba4e8d1e4a338f9c58ebafc3abc6ccfe0d876a7e771184ae38f0e9b02
crc32: BCEFA289
md5: af9ef4c0ff00b1ebbd406d7481d3eb67
sha1: 0a3f4110ea37f4bd843241257809fc2f31273520
sha256: a1de2b3ba4e8d1e4a338f9c58ebafc3abc6ccfe0d876a7e771184ae38f0e9b02
sha512: 11a93847aca4eef2e81d235cb7cad026f12fce0fc1e2c58de109e19623fdfaa1234c6a294edae23af452d1859905ebf7388107f5c1aa523996267ea95d9f6dae
ssdeep: 1536:ouMfbg5yykzi0MtZYbNNN3p/nxPEnKgPvIWpe0Qm8+/qKtfMopXfDkDid0raNNJ:oJi0MtZYbt3pevdpeZmvqKyVp6NJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F3C3AE4E64C2C03AD20105FF55CA878F6BFE7F03A691D22FEB8C7089597C547492AE66
sha3_384: 84ce76034e29302458b8d73a7c47d44241146c648ee5101727dcf8eefb4f182b9291bf479dab16c8fbcb29f61504332e
ep_bytes: e854160000e916feffff8b4424048b00
timestamp: 2012-12-04 04:49:10

Version Info:

FileDescription: LKuds cl ssd
FileVersion: 0, 1, 2, 0
InternalName: SSD
LegalCopyright: United States
OriginalFilename: System
ProductName: Windows base
ProductVersion: 0, 0, 0, 0
Translation: 0x0409 0x04b0

Win32/Injector.ZVH also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
FireEye: Generic.mg.af9ef4c0ff00b1eb
CAT-QuickHeal: Trojan.Vundo.Gen
ALYac: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.163149
K7AntiVirus: Trojan ( 0055e3991 )
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.0ff00b
VirIT: Backdoor.Win32.Butirat.IX
Cyren: W32/Zbot.EW.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.ZVH
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
NANO-Antivirus: Trojan.Win32.Butirat.cqlskf
Avast: Win32:Injector-CRP [Trj]
Tencent: Malware.Win32.Gencirc.10c8eec5
Ad-Aware: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
Emsisoft: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc (B)
Comodo: TrojWare.Win32.Injector.zvh@54bdg4
DrWeb: BackDoor.Butirat.231
VIPRE: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
McAfee-GW-Edition: Vundo-FAYV!AF9EF4C0FF00
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/Zbot-KC
SentinelOne: Static AI – Suspicious PE
GData: Gen:Heur.Mint.Zitirez.hq0@cOJM5jbiIc
Jiangmin: Trojan/Generic.aqrzz
Avira: TR/Vundo.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.24D
Arcabit: Trojan.Mint.Zitirez.ED15E9C
Microsoft: Trojan:Win32/Vundo
Google: Detected
AhnLab-V3: Trojan/Win32.Blocker.R50980
McAfee: Vundo-FAYV!AF9EF4C0FF00
MAX: malware (ai score=86)
VBA32: Hoax.Blocker
Rising: Trojan.SpyVoltar!1.6564 (CLASSIC)
Yandex: Trojan.Agent!RUlEuZ6veWc
Ikarus: Virus.Win32.Vundo
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.KC!tr
BitDefenderTheta: Gen:NN.ZexaF.34592.hq0@aOJM5jbi
AVG: Win32:Injector-CRP [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.ZVH?

Win32/Injector.ZVH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.