Win32/TrojanDownloader.VB.PAT removal tips

The Win32/TrojanDownloader.VB.PAT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.VB.PAT virus can do?

Behavioural detection: Executable code extraction – unpacking
Performs HTTP requests potentially not found in PCAP.
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Win32/TrojanDownloader.VB.PAT?


File Info:
name: 17D0705BCC65EB16F6C8.mlw
path: /opt/CAPEv2/storage/binaries/f4d370320aced2efbfb6a2025cdac386c3704e78444b22f4115e06e538e10b11
crc32: 93A83F9E
md5: 17d0705bcc65eb16f6c8aee6cc0c384f
sha1: d5ee06407f03f10dc3a22609351386d77260f170
sha256: f4d370320aced2efbfb6a2025cdac386c3704e78444b22f4115e06e538e10b11
sha512: 22841cbc044f62f63d7bb2fdad89b69415da0c79003ad8f0ca8a8a46b31b0db56dcd29e5b42b3e8a88bed8a73d0b6d7d14a01016e04df83e7a30e97a9038568d
ssdeep: 96:/lxkL76be2L99j7CSV6ODzuDR3wDRR+82SDu8bwyU1XhSbL4ccKtAQC1NcCBJ127:/TOqL3DVUYLfu8bwczcKdQOyBSX/i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T151B23217B66C549DF09A467915239BE6AD622C309A08AC0AFB167F1C68B10D3FCF4747
sha3_384: 56540484ca363cc835cc99a07b9c7adb664a4f1a7a93f0689b6a0e0c15c9e96168d0424a911b5ae67420cb9b30a0904c
ep_bytes: 6818134000e8f0ffffff000000000000
timestamp: 2009-12-03 05:28:45

Version Info:
Translation: 0x0409 0x04b0
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: cran
OriginalFilename: cran.exe

Win32/TrojanDownloader.VB.PAT also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.VB.a!c
FireEye	Generic.mg.17d0705bcc65eb16
Skyhigh	BehavesLike.Win32.Infected.mz
McAfee	Artemis!17D0705BCC65
Cylance	unsafe
K7GW	Trojan-Downloader ( 0055e3da1 )
K7AntiVirus	Trojan-Downloader ( 0055e3da1 )
BitDefenderTheta	Gen:NN.ZevbaF.36792.bm0@aSSvlEai
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/TrojanDownloader.VB.PAT
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	Trojan-Downloader.Win32.VB.aima
NANO-Antivirus	Trojan.Win32.Gendal.opfru
Avast	FileRepMalware [Trj]
Tencent	Win32.Trojan-Downloader.Vb.Mcnw
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Gendal.5824132
DrWeb	Trojan.DownLoader5.18955
Zillya	Downloader.VB.Win32.34594
Ikarus	Trojan.Win32.VB
Jiangmin	TrojanDownloader.VB.dygw
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Gendal.5824132
Antiy-AVL	Trojan[Downloader]/Win32.VB
Microsoft	TrojanDownloader:Win32/Tearspear!gmb
ViRobot	Trojan.Win32.A.Downloader.24576.JE
ZoneAlarm	Trojan-Downloader.Win32.VB.aima
VBA32	BScope.Trojan.Neurevt
Malwarebytes	Generic.Malware/Suspicious
Panda	Generic Malware
Rising	Downloader.VB!8.1EB (TFE:5:B1YbD7wbWoC)
Yandex	Trojan.GenAsa!KPiYldJuFrs
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VB.AIMA!tr.dldr
AVG	FileRepMalware [Trj]
DeepInstinct	MALICIOUS

How to remove Win32/TrojanDownloader.VB.PAT?

Win32/TrojanDownloader.VB.PAT removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X