Win32/VB.NOY removal

Many security experts consider Win32/VB.NOY dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/VB.NOY virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

How to identify Win32/VB.NOY?

File Info:

name: B90DB6F6C9902EC99FAE.mlw
path: /opt/CAPEv2/storage/binaries/fa67eb5ed8790444ff48c71f3c5c312ac4c9972f7604fb9e57b39d39632eb56c
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-06-09 03:48:26

Version Info:

Translation: 0x0804 0x04b0
CompanyName: 2146
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: avp
OriginalFilename: avp.exe

Win32/VB.NOY is also known as:

Bkav: W32.FamVT.VB.SoulPack.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Worm.SoulClose.C
FireEye: Generic.mg.b90db6f6c9902ec9
McAfee: Artemis!B90DB6F6C990
Cylance: Unsafe
Zillya: Virus.VB.Win32.177
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0015e4f01 )
K7GW: Riskware ( 0015e4f01 )
Cybereason: malicious.6c9902
BitDefenderTheta: AI:Packer.C5804BE920
Cyren: W32/Worm.Soul.gen!Eldorado
Symantec: W32.Fujacks.C
ESET-NOD32: Win32/VB.NOY
Baidu: Win32.Worm.VB.bc
ClamAV: Win.Malware.Generic-9884574-0
Kaspersky: Virus.Win32.VB.lc
BitDefender: Win32.Worm.SoulClose.C
NANO-Antivirus: Virus.Win32.VB.bpcbgk
SUPERAntiSpyware: Worm.SoulClose
Avast: Win32:VB-JGI
Tencent: Malware.Win32.Gencirc.10b40d68
Ad-Aware: Win32.Worm.SoulClose.C
Sophos: ML/PE-A + W32/OYSoul-Gen
Comodo: Worm.Win32.VB.NOY@bf0m
DrWeb: Win32.HLLP.Soul
VIPRE: Virus.Win32.Soulclose.a (v)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rm
SentinelOne: Static AI – Malicious PE
Emsisoft: Win32.Worm.SoulClose.C (B)
APEX: Malicious
GData: Win32.Worm.SoulClose.C
Jiangmin: Worm.Generic.vk
eGambit: Unsafe.AI_Score_99%
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASBOL.21
Microsoft: Virus:Win32/Soulclose.A
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Soulclose.X1317
VBA32: Trojan.VBRA.07562
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.4289551135
Rising: Spyware.Zbot!1.648A (RDMK:cmRtazqLDg4ulrx7OkcIBzYKfc32)
Yandex: Worm.VB!y/pweIhDvLs
Ikarus: Virus.Win32.VB.lc
MaxSecure: Virus.W32.VB.lc
Fortinet: W32/OpenSoul.A
AVG: Win32:VB-JGI
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/VB.NOY?

Win32/VB.NOY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
