Malware

Win32/VB.NTU information

Malware Removal

The Win32/VB.NTU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32/VB.NTU virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (11 unique times)
  • A process created a hidden window
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

www.youtube.com
ocsp.pki.goog
crl.pki.goog
crls.pki.goog
www.bing.com
i.ytimg.com
fonts.googleapis.com
fonts.gstatic.com
r1—sn-bpb5oxu-3c2l.googlevideo.com
s2.symcb.com

How to determine Win32/VB.NTU?


File Info:

crc32: B808C868
md5: 8bd8bebc21846b39107a3bd9c301df49
name: 8BD8BEBC21846B39107A3BD9C301DF49.mlw
sha1: 4b3273e2ff20159e11ef7e2f170426003cececca
sha256: bf24cf051f644cbf1d1e2d2df28286c725c3d5808ce7efa11184660ff719070d
sha512: f550f0fc691c69e50301a7fe8f7d591084212a31deada78e3fd48078ad2e27ca3fd411f205664445887238d80943806e3ac558dbe41c9db59aa80a96a14657de
ssdeep: 3072:+I9LtyZ4gj7sMFkIjPvxJLtPNR7/GAoH698ArcszSxnnPgmj:pvgvnLvxJB1x/GAoa98YcszSpPt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: project1
FileVersion: 1.00
CompanyName: Particular
ProductName: recor
ProductVersion: 1.00
OriginalFilename: project1.exe

Win32/VB.NTU also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 00171bc41 )
LionicTrojan.Win32.Vilsel.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Click.20169
CynetMalicious (score: 100)
ALYacGen:Trojan.Heur.ii0arrm9!@piu
CylanceUnsafe
ZillyaTrojan.Vilsel.Win32.20291
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_70% (D)
AlibabaWorm:Win32/Vilsel.3919479c
K7GWTrojan ( 00171bc41 )
Cybereasonmalicious.c21846
CyrenW32/SuspPack.G.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/VB.NTU
APEXMalicious
AvastWin32:Vilsel-AL [Trj]
KasperskyTrojan.Win32.Vilsel.agwv
BitDefenderGen:Trojan.Heur.ii0arrm9!@piu
NANO-AntivirusVirus.Win32.Gen-Crypt.ccnc
MicroWorld-eScanGen:Trojan.Heur.ii0arrm9!@piu
TencentWin32.Trojan.Vilsel.Eero
Ad-AwareGen:Trojan.Heur.ii0arrm9!@piu
SophosML/PE-A + Mal/Particula-A
ComodoTrojWare.Win32.PSW.Ldpinch.~NNT@1op6ij
BitDefenderThetaAI:Packer.C012702B1D
TrendMicroWORM_RUCTO.SMI
McAfee-GW-EditionBehavesLike.Win32.VirRansom.cc
FireEyeGeneric.mg.8bd8bebc21846b39
EmsisoftGen:Trojan.Heur.ii0arrm9!@piu (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan/Vilsel.lsw
Webrootnone
AviraTR/Crypt.CFI.Gen
eGambitGeneric.Malware
MicrosoftWorm:Win32/Ructo.C
ArcabitTrojan.Heur.E4EE28
SUPERAntiSpywareWorm.Ructo/Variant
ZoneAlarmTrojan.Win32.Midgare.bllk
GDataGen:Trojan.Heur.ii0arrm9!@piu
AhnLab-V3Trojan/Win32.MSNPass.R1900
Acronissuspicious
McAfeeGeneric BackDoor.wg
MAXmalware (ai score=100)
VBA32TScope.Malware-Cryptor.SB
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_RUCTO.SMI
YandexTrojan.Vilsel.Gen!Pac.3
IkarusTrojan.Win32.Vilsel
MaxSecureTrojan.Vilsel.agwm
FortinetW32/Vilsel.GA!tr
AVGWin32:Vilsel-AL [Trj]
Qihoo-360Win32/Trojan.Vilsel.HxMBEpsA

How to remove Win32/VB.NTU?

Win32/VB.NTU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment