Win32/Spy.VB.NNG removal tips

The Win32/Spy.VB.NNG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Spy.VB.NNG virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid

How to determine Win32/Spy.VB.NNG?


File Info:
name: F2CECBC52937A73914B8.mlw
path: /opt/CAPEv2/storage/binaries/ba1cd6f60f0c4ac728a07a5117a0df293ae33f826d9a3b8e11676f955911dc5b
crc32: 7B902968
md5: f2cecbc52937a73914b89c2406341403
sha1: 4d467b5dd81a0da6341f3c6ccebb85885a8e1cde
sha256: ba1cd6f60f0c4ac728a07a5117a0df293ae33f826d9a3b8e11676f955911dc5b
sha512: 7942538bc51d8cdc61ec04a695c9ed5fbc14ebf46bc5b45df517dbe35056f4243ba69756cb7e02d2a91d2dcbb88d832cb75158f293b44adf6810f6c5b91b5e70
ssdeep: 1536:wbTuifFh8GPLNJ04OotWhmd7xwuc04OLh8GPLNdM:61CgLNm+TdWudhCgLN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188635AE3B7185ED2EA484AB4083E85544A1FBD724440DE4E6ACEFC160FF210769B5E9F
sha3_384: 0acfe58bd902103acba2de550cc1cf8d9a6ed955f9dda4a7f66a6cea180b08067c85a434f18a888087a58d48deb03a25
ep_bytes: 683c6d4000e8eeffffff000000000000
timestamp: 2010-11-13 09:54:37

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Bunga Aria
ProductName: Win32Host
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Win32Host
OriginalFilename: Win32Host.exe

Win32/Spy.VB.NNG also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Multi.Generic.4!c
CAT-QuickHeal	Trojan.MultiVMF.S21697399
McAfee	Artemis!F2CECBC52937
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.VB.Win32.325021
Sangfor	Riskware.Win32.Agent.ky
Alibaba	TrojanSpy:Win32/Generic.e38b27ef
BitDefenderTheta	Gen:NN.ZevbaF.36318.em0@aiyA6Cli
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.VB.NNG
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.VB.cyouot
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Agen.Nsmw
F-Secure	Heuristic.HEUR/AGEN.1336448
McAfee-GW-Edition	BehavesLike.Win32.Infected.km
Trapmine	suspicious.low.ml.score
Ikarus	Trojan-Spy.Agent
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1336448
Antiy-AVL	Trojan[Spy]/Win32.VB
Xcitium	Malware@#1n5bb8trhq8ql
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
VBA32	Trojan.Wacatac
MAX	malware (ai score=99)
Cylance	unsafe
Rising	Malware.Undefined!8.C (TFE:5:Uu5PoSjtdLE)
Yandex	Trojan.GenAsa!BbAT+nXzXoY
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VB.NNG!tr.spy
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32/Spy.VB.NNG?

Win32/Spy.VB.NNG removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X