Win32/VB.TAI removal

Win32/VB.TAI is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/VB.TAI virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/VB.TAI?

File Info:

name: F506416DB320FAC72A99.mlw
path: /opt/CAPEv2/storage/binaries/67ca679ec02001deafc630f9efa79c92dea186218964b47e33c867cc2ebe53ca
crc32: 5F2B9420
md5: f506416db320fac72a999953195c38ec
sha1: eea34d4ff3a2826cca43facbc69df4befddbb2a8
sha256: 67ca679ec02001deafc630f9efa79c92dea186218964b47e33c867cc2ebe53ca
sha512: 825ddccb1d779bf9b5e04aaead3a76d1bbf0cecb1880ebb955c84e0028bdc0df31d80d93d102514e65a5dab31ca48c720c5feb18abb2c0cb1ccf72ee493406fe
ssdeep: 6144:FtVdRQ/vqkg1gEagdQHhIu6OZVdRQ/vqkg1gEagd:zV7uikFgQXV7uikFg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14754D032A994901AF64746B16CB28E66B832BC305DB0CD4F7B857B6C1936787B4B0727
sha3_384: bc7d718caa278654d6bb11c247d4021b39cac0dcec4ef7c5a9fb0d2436da1a238799a808dda7df9d15aab14f078d87b2
ep_bytes: 68ece44100e8eeffffff000000000000
timestamp: 2019-09-06 03:46:55

Version Info:

Translation: 0x0804 0x04b0
CompanyName: aaaa
ProductName: 工程1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: tvvehp
OriginalFilename: tvvehp.exe

Win32/VB.TAI also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.4!c
MicroWorld-eScan: Trojan.GenericKD.47467286
FireEye: Generic.mg.f506416db320fac7
McAfee: RDN/Generic.dx
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.xadiqv
K7AntiVirus: P2PWorm ( 0058acf51 )
Alibaba: Trojan:Win32/Generic.c71720a6
K7GW: P2PWorm ( 0058acf51 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/VB.TAI
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.xadiqv
BitDefender: Trojan.GenericKD.47467286
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Agent.Eacs
Ad-Aware: Trojan.GenericKD.47467286
DrWeb: Trojan.MulDrop19.3425
TrendMicro: TROJ_GEN.R032C0WKP21
McAfee-GW-Edition: RDN/Generic.dx
Emsisoft: Trojan.GenericKD.47467286 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.47467286
Webroot: W32.Malware.Gen
MAX: malware (ai score=80)
ViRobot: Trojan.Win32.Z.Agent.290816.AOE
Microsoft: Trojan:Win32/Wacatac.B!ml
VBA32: BScope.Trojan.Fareit
ALYac: Trojan.GenericKD.47467286
Malwarebytes: MachineLearning/Anomalous.93%
TrendMicro-HouseCall: TROJ_GEN.R032C0WKP21
Yandex: Trojan.Agent!/Uc0ek+cJV8
Ikarus: Trojan.Win32.VB
eGambit: Unsafe.AI_Score_66%
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZevbaCO.34294.rm0@ai9dzjob
AVG: Win32:Trojan-gen
Cybereason: malicious.ff3a28
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/VB.TAI?

Win32/VB.TAI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.