Win32/Packed.VMProtect.ABO removal guide

The Win32/Packed.VMProtect.ABO file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Win32/Packed.VMProtect.ABO virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to modify proxy settings

How to determine Win32/Packed.VMProtect.ABO?


General:

Operating System: Windows 7 / 8 / 8.1 / 10

Virus Name: malicious.6b4b1b

File Info:

Name: 2appverif.chm

Size: 2470400

Type: PE32 executable (GUI) Intel 80386, for MS Windows

MD5: 73884316b4b1b7b31555425c7d524b89

SHA1: 1546bae6443c05054a5575f8aff4bf59eee00694

SHA256: 3a1a639dfe2c82ebd242ac94bfbb5ae1a80ff0aff66f99d9eaf862dc44d93bf4

Version Info:

[No Data]

Win32/Packed.VMProtect.ABO also known as:

APEX Malicious
AVG FileRepMalware
Acronis suspicious
Ad-Aware Gen:Trojan.Heur.RP.wIW@aGhbGCdO
AegisLab Trojan.Multi.Generic.4!c
AhnLab-V3 Trojan/Win32.Agent.C3560195
Alibaba Trojan:Win32/Wecod.5a2e6b30
Antiy-AVL Trojan/Win32.Wecod
Arcabit Trojan.Heur.RP.E023B2
Avast Win32:Evo-gen [Susp]
Avira TR/Black.Gen2
BitDefender Gen:Trojan.Heur.RP.wIW@aGhbGCdO
BitDefenderTheta Gen:Trojan.Heur.RP.wIW@aGhbGCdO
Comodo Malware@#21qe6og8hr151
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.6b4b1b
Cylance Unsafe
ESET-NOD32 a variant of Win32/Packed.VMProtect.ABO
Emsisoft Gen:Trojan.Heur.RP.wIW@aGhbGCdO (B)
Endgame malicious (high confidence)
F-Secure Trojan.TR/Black.Gen2
FireEye Generic.mg.73884316b4b1b7b3
Fortinet W32/VMProtBad.A!tr
GData Gen:Trojan.Heur.RP.wIW@aGhbGCdO
Ikarus Trojan.Win32.VMProtect
K7AntiVirus Trojan ( 004b0a511 )
K7GW Trojan ( 004b0a511 )
Kaspersky Trojan.Win32.Wecod.izdx
MAX malware (ai score=80)
McAfee Artemis!73884316B4B1
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
MicroWorld-eScan Gen:Trojan.Heur.RP.wIW@aGhbGCdO
Microsoft Trojan:Win32/Occamy.C
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Win32/Trojan.97a
Rising Trojan.Generic@ML.100 (RDMK:uu3UWQGPwOB94XVUcsjtcg)
SentinelOne DFI – Malicious PE
Sophos Mal/VMProtBad-A
Symantec ML.Attribute.HighConfidence
Trapmine malicious.high.ml.score
TrendMicro-HouseCall TROJ_GEN.R068C0RKD19
VBA32 BScope.Trojan.Ditertag
VIPRE Trojan.Win32.Generic!BT
ViRobot Trojan.Win32.Z.Vmprotect.2470400
ZoneAlarm Trojan.Win32.Wecod.izdx

How to remove Win32/Packed.VMProtect.ABO?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
