Should I remove “Win32/TrojanDownloader.VB.RSS”?

Win32/TrojanDownloader.VB.RSS is ESET's detection name for a downloader trojan from the Visual Basic (“VB”) family. A downloader's job is to fetch and execute further malware, so the file described here is usually only the first stage of an infection. When the infection is active you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can Win32/TrojanDownloader.VB.RSS do?

The indicators below are the static and behavioural signatures that the CAPE sandbox raised for this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Spanish (Modern)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

Taken together, these describe an unsigned, UPX-packed binary that unpacks itself in memory and resolves its imports at run time. None of them says what the downloader fetches, so a clean scan of this file alone does not prove the machine is clean.

How to identify Win32/TrojanDownloader.VB.RSS?

File Info:

name: E7C4CB667C8BC55E68B5.mlw
path: /opt/CAPEv2/storage/binaries/4d7456c377aa4e901385e08dec4d5cfee3340b38cdc174a60c5baf5c9fafce4e
crc32: D9FF4D09
md5: e7c4cb667c8bc55e68b528fb0afd873c
sha1: 265b5bf3ccdf82fd8babea7477efe25defad28b2
sha256: 4d7456c377aa4e901385e08dec4d5cfee3340b38cdc174a60c5baf5c9fafce4e
sha512: 45d8c94cb05faff3a8d834d18e63288ffb73c7fd56003935ee96c67ad186c4737cc293d939f3a288bef3cd24fda96a97478f25f6eee819d55545d12d7d45d8b4
ssdeep: 48:ygMf3sIgfkHfFIsrTfMiGBvYhRKp+viL9QRI153iSeJY8JTavLCFNw8d4pxeMCwc:sfvNlYUaKi12Nw8dZ4M
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17BC1B646F75D9C96E0830C339D338776A421FC609EA683477EA43B9F3CB1160D6269A2
sha3_384: 9b97221b5c44bbcb2167959733770b77705bf0f75e255d14772ad663a045ae9043d072d82ffe488b2ceac7bb1d9d9579
ep_bytes: 60be005040008dbe00c0ffff57eb0b90
timestamp (PE compile time from the file header; easily forged): 2022-02-01 03:46:04

Version Info:

Translation: 0x0c0a 0x04b0 (language ID 0x0c0a is Spanish (Modern Sort), which is what the resource-language indicator above refers to; 0x04b0 is the Unicode code page)
ProductName: xflashupx64
FileVersion: 1.00
ProductVersion: 1.00
InternalName: sa
OriginalFilename: sa.scr (a .scr “screensaver” is an ordinary PE executable, so the extension is a common lure)
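The file info above is enough for a practitioner to confirm a suspect file against this report without a sandbox: the hashes identify the exact sample, and the ep_bytes together with the packer indicators can be checked with a few lines of PE parsing. The following Python script is an added example, not code from this page, from GridinSoft or from CAPE. It computes the hashes the report lists, reads the entry-point bytes through the section table, flags the UPX stub opcode pattern and non-standard section names, and, when no path is given, runs against a constructed minimal PE32 (not the real sample). The STANDARD_SECTIONS set and the opcode skeleton of the UPX stub are the author's simplifications, not CAPE's own signatures.

```python
import hashlib
import struct
import sys

# Indicators copied from the report above: the sample's SHA-256 and the 16
# entry-point bytes CAPE recorded.
KNOWN_SHA256 = "4d7456c377aa4e901385e08dec4d5cfee3340b38cdc174a60c5baf5c9fafce4e"
KNOWN_EP_BYTES = bytes.fromhex("60be005040008dbe00c0ffff57eb0b90")

# Opcode skeleton of the classic x86 UPX decompression stub (author's simplification):
#   60            pushad
#   BE imm32      mov  esi, <packed data>
#   8D BE disp32  lea  edi, [esi + disp]
#   57            push edi
#   EB rel8       jmp  short
# Only the opcode bytes are compared; the immediates differ per binary.
UPX_STUB_OPCODES = {0: 0x60, 1: 0xBE, 6: 0x8D, 7: 0xBE, 12: 0x57, 13: 0xEB}

# Section names a normal linker emits; anything else is worth a look (simplified list).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata", ".CRT"}


def file_hashes(data):
    """Hashes in the formats the report lists, for IOC matching."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_pe32(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, rawptr, rawsize), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # PE32, as in the report
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    return entry_rva, sections


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table (None if unmapped)."""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    return None


def looks_like_upx_stub(ep_bytes):
    return len(ep_bytes) >= 14 and all(ep_bytes[i] == op for i, op in UPX_STUB_OPCODES.items())


def triage(data):
    entry_rva, sections = parse_pe32(data)
    off = rva_to_offset(entry_rva, sections)
    ep_bytes = data[off:off + 16] if off is not None else b""
    names = [s[0] for s in sections]
    h = file_hashes(data)
    return {
        "sha256": h["sha256"],
        "known_sample": h["sha256"] == KNOWN_SHA256,
        "ep_bytes": ep_bytes.hex(),
        "upx_stub": looks_like_upx_stub(ep_bytes),
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "unknown_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


def build_sample_pe():
    """Constructed test input (not the real sample): a minimal PE32 whose entry
    point sits in a UPX1 section and starts with the report's EP bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)                 # AddressOfEntryPoint -> UPX1
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)         # section / file alignment
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    sec = struct.Struct("<8sIIIIIIHHI")
    upx0 = sec.pack(b"UPX0", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    upx1 = sec.pack(b"UPX1", 0x1000, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000040)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + upx0 + upx1
    return headers.ljust(0x200, b"\0") + KNOWN_EP_BYTES.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.scr` on the file you want to check. A `known_sample` of True is a hash match with this report; `upx_stub` and `upx_sections` reproduce the “compressed using UPX” and “unknown PE section name” indicators, and `ep_bytes` can be compared directly with the report's value even when the hash differs because the file was re-packed.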

Win32/TrojanDownloader.VB.RSS also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.38922401
  • FireEye: Generic.mg.e7c4cb667c8bc55e
  • ALYac: Trojan.GenericKD.38922401
  • Malwarebytes: Trojan.Downloader
  • Sangfor: PUP.Win32.Caypnamer.A!ml
  • K7GW: Trojan-Downloader ( 0058e2bd1 )
  • Arcabit: Trojan.Generic.D251E8A1
  • BitDefenderTheta: Gen:NN.ZevbaF.34212.amKfaCSc@1O
  • ESET-NOD32: a variant of Win32/TrojanDownloader.VB.RSS
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CBA22
  • BitDefender: Trojan.GenericKD.38922401
  • Avast: Win32:Trojan-gen
  • Ad-Aware: Trojan.GenericKD.38922401
  • Sophos: Generic PUA CG (PUA)
  • McAfee-GW-Edition: BehavesLike.Win32.Trojan.zt
  • Emsisoft: Trojan.GenericKD.38922401 (B)
  • SentinelOne: Static AI – Suspicious PE
  • Webroot: W32.Trojan.Gen
  • MAX: malware (ai score=86)
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • Microsoft: Trojan:Win32/Sabsik.TE.B!ml
  • GData: Trojan.GenericKD.38922401
  • Cynet: Malicious (score: 100)
  • McAfee: Artemis!E7C4CB667C8B
  • Cylance: Unsafe
  • APEX: Malicious
  • Rising: Downloader.VB!8.1EB (CLOUD)
  • Yandex: Trojan.GenAsa!Yt0c8Q9TVy8
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: PossibleThreat.PALLAS.H
  • AVG: Win32:Trojan-gen
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Win32/TrojanDownloader.VB.RSS?

Win32/TrojanDownloader.VB.RSS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample is a downloader, quarantining it does not remove whatever it already fetched. Run a second full scan after the restart and check autostart entries and scheduled tasks for programs you do not recognise.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.