Win32/VB.QIK removal

Win32/VB.QIK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/VB.QIK virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to modify proxy settings

How to identify Win32/VB.QIK?

File Info:

name: FD007AA040BF03CFC2CB.mlw
path: /opt/CAPEv2/storage/binaries/c4a553d1722586d51e5f82bd2707bf9462fd5a8d6abdff651190f1d3d646121d
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-09-24 09:09:24

Version Info:

Translation: 0x0412 0x04b0
Comments: fou1gf89ASGF97813GFKUagfku13f13faSF
CompanyName: f31iagsf801g38fogskufbKJAS0FU13
FileDescription: ASFh13of8has89f1h3f1l3hflaf31F
LegalCopyright: F13jfvsaf183FV987FKUVK13F
LegalTrademarks: dfO31BFKUABSFKU13GF97AGSUFK13
ProductName: 13FGaskfug1389fgfbk13bfkJ1F31
FileVersion: 0.00.0001
ProductVersion: 0.00.0001
InternalName: Server
OriginalFilename: Server.dat

Win32/VB.QIK is also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.DownLoader7.753
  • MicroWorld-eScan: Gen:Heur.ManBat.1
  • FireEye: Generic.mg.fd007aa040bf03cf
  • McAfee: GenericRXFV-TF!8086A29FB0DB
  • Cylance: Unsafe
  • Zillya: Trojan.VB.Win32.98297
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: NetWorm ( 700000151 )
  • K7GW: NetWorm ( 700000151 )
  • Cybereason: malicious.040bf0
  • BitDefenderTheta: Gen:NN.ZevbaF.34182.pmLfa4DH0gcG
  • VirIT: Trojan.Win32.DownLoader7.BCZ
  • Cyren: W32/VBInject.J.gen!Eldorado
  • ESET-NOD32: a variant of Win32/VB.QIK
  • APEX: Malicious
  • ClamAV: Win.Trojan.Swisyn-6997007-0
  • Kaspersky: Trojan.Win32.Writos.pyz
  • BitDefender: Gen:Heur.ManBat.1
  • NANO-Antivirus: Trojan.Win32.Writos.ecmmer
  • Avast: Win32:Evo-gen [Susp]
  • Tencent: Malware.Win32.Gencirc.114c0b23
  • Sophos: Mal/VBCheMan-C
  • Baidu: Win32.Trojan.VB.av
  • VIPRE: Backdoor.Win32.Blohi.ba (fs)
  • TrendMicro: BKDR_BLOHI.SM
  • McAfee-GW-Edition: GenericRXFV-TF!8086A29FB0DB
  • Emsisoft: Gen:Heur.ManBat.1 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Writos.cg
  • MaxSecure: Trojan.Malware.300983.susgen
  • Avira: TR/Spy.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.18BAAD3
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ViRobot: Trojan.Win32.A.Writos.254731[UPX]
  • GData: Gen:Heur.ManBat.1
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.ADH.R41875
  • VBA32: Trojan.Writos
  • ALYac: Gen:Heur.ManBat.1
  • MAX: malware (ai score=83)
  • TrendMicro-HouseCall: BKDR_BLOHI.SM
  • Rising: Backdoor.Blohi!1.A08D (RDMK:cmRtazodKzWZgfcvPqw9isyS/KF+)
  • Yandex: Trojan.VB!KlgPahgHb9E
  • Ikarus: Backdoor.Win32.Blohi
  • Fortinet: W32/KillMBR.NAG!tr
  • AVG: Win32:Evo-gen [Susp]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32/VB.QIK?

Win32/VB.QIK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.