Win32/Packed.VProtect.A suspicious removal guide

Win32/Packed.VProtect.A suspicious is the ESET-NOD32 detection name carried by this sample; as the vendor list below shows, several other engines also flag the file, mostly under generic or heuristic names. The "Packed" prefix means the detection fires on the packing/protection layer of the executable rather than on an identified malware family, so treat it as a lead to investigate rather than a verdict on its own. When the infection is active, you may notice unexpected processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Win32/Packed.VProtect.A suspicious do?

  • Sample contains overlay data (bytes appended after the last PE section, where installers and packers often carry their payload)
  • Reads data out of its own binary image (consistent with an installer or packer unpacking content it carries)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name, indicative of packing
  • Authenticode signature is invalid (the file cannot be trusted on the strength of its signature)

How to identify Win32/Packed.VProtect.A suspicious?

File Info:

name: EA645FD6D48A1CCCB7F6.mlw
path: /opt/CAPEv2/storage/binaries/49fb437985782e9db39a8b9a97f61824ab66ea5147998c142eeeb2201f901009
crc32: 0F266BF8
md5: ea645fd6d48a1cccb7f6ca23c94b13fc
sha1: 1e41c1254a147d3386c0885339cbef452ea3f24f
sha256: 49fb437985782e9db39a8b9a97f61824ab66ea5147998c142eeeb2201f901009
sha512: 16eef3acee6175ae1f06feafec76d685c81d5e0ccce878729e1cf6adbecd344eddbbdb8e29f06e2b9bbffd3cd169ebae3f7107fd65059c9610832e285042aaa7
ssdeep: 196608:/NeMK12w4ooHvnNynoQlSHo7KhVOC4FDh4BIVyQ/Wye60PHZaYFmodJFMCBCm20+:YFsw4lHFyoISHIKKC4vKIVywWh60dmGi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FBB633010DC0E131D22066FA690BBCA9F436AB510B3450DFBB9B1DCB5D3F7D66A4A1E6
sha3_384: c101e75004c0d1d09f262bf79dc68964f63ae737d1cc7ca05659633a8890208770ec620012a5a9363259a437238010d4
ep_bytes: 558bec83c4f0b89c9a4100e8b8abfeff
timestamp: 1992-06-19 22:22:17
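One caveat before reading the timestamp as evidence of tampering: 1992-06-19 22:22:17 is the fixed TimeDateStamp (0x2A425E19) that the Delphi linker writes into every binary it produces, and the entry-point bytes above (push ebp / mov ebp,esp / add esp,-0x10 / mov eax,... / call) are a typical Delphi prologue, so the date says "built with Delphi", not "clock forged". The script below is an added example, not code from the page or from GridinSoft's product: it parses a PE32 with the Python standard library only and reports the static indicators listed above (overlay data, non-standard section names, entry-point bytes, Delphi timestamp) and whether the file's hashes match the IOCs from the File Info block. Because the real sample is not available here, it builds a constructed PE32 image for the demonstration; the section name ".xyz0" and the overlay bytes in that image are made up and do not describe the real file.

```python
# Added static-triage helper (not part of the original page or of GridinSoft's
# tooling). Parses a PE32 file with the standard library only and reports the
# indicators the page lists: overlay data, non-standard section names, the
# entry-point bytes and the fixed Delphi linker timestamp.
import hashlib
import struct

# 0x2A425E19 == 1992-06-19 22:22:17 UTC: the constant TimeDateStamp written by the
# Delphi linker; it matches the "timestamp" field in the page's File Info.
DELPHI_TIMESTAMP = 0x2A425E19

# Section names routinely produced by mainstream compilers; anything else is
# reported as "unknown", in the spirit of the CAPE signature quoted on the page.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".CRT", ".pdata", "CODE", "DATA", "BSS"}

# Hashes copied from the page's File Info block; the only IOCs matched here.
PAGE_IOCS = {
    "md5": "ea645fd6d48a1cccb7f6ca23c94b13fc",
    "sha1": "1e41c1254a147d3386c0885339cbef452ea3f24f",
    "sha256": "49fb437985782e9db39a8b9a97f61824ab66ea5147998c142eeeb2201f901009",
}

# Entry-point bytes from the page: push ebp / mov ebp,esp / add esp,-0x10 / mov eax,imm32 / call rel32
PAGE_EP_BYTES = bytes.fromhex("558bec83c4f0b89c9a4100e8b8abfeff")


def parse_pe32(data: bytes) -> dict:
    """Read the COFF header, optional header and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                          # signature (4) + COFF header (20)
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "vsize": vsize, "rptr": rptr, "rsize": rsize})
    return {"timestamp": tstamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(sections: list, rva: int) -> int:
    """Map an RVA to a file offset through the section that contains it."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return s["rptr"] + (rva - s["vaddr"])
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def triage(data: bytes) -> dict:
    """Hashes plus the page's static indicators for one file image."""
    hdr = parse_pe32(data)
    secs = hdr["sections"]
    end_of_sections = max(s["rptr"] + s["rsize"] for s in secs)
    ep_off = rva_to_offset(secs, hdr["entry_rva"])
    hashes = {n: hashlib.new(n, data).hexdigest() for n in PAGE_IOCS}
    return {
        "hashes": hashes,
        "ioc_match": any(hashes[n] == PAGE_IOCS[n] for n in PAGE_IOCS),
        "delphi_timestamp": hdr["timestamp"] == DELPHI_TIMESTAMP,
        "unknown_sections": [s["name"] for s in secs if s["name"] not in KNOWN_SECTIONS],
        "overlay_bytes": max(0, len(data) - end_of_sections),   # data past the last section
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


# Constructed sample (NOT the real file): a minimal PE32 with the Delphi timestamp,
# the page's entry-point bytes, one made-up section name and appended overlay data.
OVERLAY = b"constructed overlay payload, not from the sample\n" * 5


def build_sample_pe() -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # PE header right after the DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint -> start of .text
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)                 # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes

    def sec(name, vaddr, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rptr, 0, 0, 0, 0, flags)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + sec(b".text", 0x1000, 0x200, 0x60000020)   # code, readable, executable
               + sec(b".xyz0", 0x2000, 0x400, 0xC0000040))  # made-up name: initialized data, RW
    text = PAGE_EP_BYTES.ljust(0x200, b"\xCC")
    return headers.ljust(0x200, b"\0") + text + b"\0" * 0x200 + OVERLAY


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(data).items():
        print(f"{k}: {v}")
```

Run it with a file path to triage a real binary, or with no arguments to see the report for the constructed image. A positive ioc_match against the page's hashes is the only hard identification here; the other indicators (overlay, unknown section, Delphi timestamp) are exactly the kind of generic signals that also fire on legitimate Delphi installers, which is why the vendor names below are mostly heuristic.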

Version Info:

Comments:
CompanyName: 北京兴盛科技信息技术有限公司 (Beijing Xingsheng Technology Information Technology Co., Ltd.)
FileDescription: 大金融证券内参分析系统 1.00 Installation (Big Finance Securities Internal Reference Analysis System 1.00 Installation)
FileVersion: 1.00
LegalCopyright: 北京兴盛科技信息技术有限公司 (Beijing Xingsheng Technology Information Technology Co., Ltd.)
Translation: 0x0409 0x04e4 (language 0x0409 = English (US), code page 0x04e4 = Windows-1252; this matches neither the Chinese strings above nor the Russian resource language flagged by CAPE)

Win32/Packed.VProtect.A suspicious is also detected as (vendor: detection name):

Bkav: W32.AIDetectMalware
Skyhigh: BehavesLike.Win32.BadFile.vc
Cylance: unsafe
K7AntiVirus: Trojan ( 003934011 )
K7GW: Trojan ( 003934011 )
ESET-NOD32: a variant of Win32/Packed.VProtect.A suspicious
Avast: Win32:Evo-gen [Trj]
Sophos: Mal/Generic-S
Ikarus: PUA.BAT.Hostschanger
Cynet: Malicious (score: 100)
McAfee: Artemis!EA645FD6D48A
VBA32: Trojan.Wacatac
Malwarebytes: Generic.Malware/Suspicious
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/Packed.VProtect.A suspicious?

Win32/Packed.VProtect.A suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.