Win32.Worm.VB.NNA information

The Win32.Worm.VB.NNA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32.Worm.VB.NNA virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32.Worm.VB.NNA?


File Info:
name: A57D8C50F8AA897021FE.mlw
path: /opt/CAPEv2/storage/binaries/89c80f5233b1e3e28819c82f78446077925c7251083814e90427dbb351bc34e5
crc32: 9C171A88
md5: a57d8c50f8aa897021fe6db1d4d719c1
sha1: 374a3e31d0cc224400ec807d9a55cfd24ad644cd
sha256: 89c80f5233b1e3e28819c82f78446077925c7251083814e90427dbb351bc34e5
sha512: e35d19da6b7116e51bd1bbeb90b98ec2cf767afe5629149e0a61498890f88c6ab25f33771eaf1e4e4be647ae2f2122e4f0d22647ebf54633408e5969e06fd4ae
ssdeep: 49152:cKmoG7emVUbWsKmoG7emVUbWpiPDkYOMwwnMb4PmyVjAld:cP7BVUfP7BVUeigYOXwnS4rVjAld
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10EF5D602631340B7D55134B0C45A7B980360AFB83E67E6ABFE54751AFA72BC644373BA
sha3_384: f02614eae2ce275589809af702cbe942fbd30d576fe69c38ff3cc3f5af597425e1546da8a79d55b916bd5119d4d07559
ep_bytes: e8ad0b0000e98cffffffcccccccccc8b
timestamp: 2004-08-04 05:59:09

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Internet Connection Wizard Reminder
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: ICWRMIND
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ICWRMIND.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Win32.Worm.VB.NNA also known as:

Bkav	W32.AIDetectMalware
Lionic	Virus.Win32.VB.n!c
tehtris	Generic.Malware
MicroWorld-eScan	Win32.Worm.VB.NNA
ClamAV	Win.Worm.Virfire-6814275-0
FireEye	Win32.Worm.VB.NNA
ALYac	Win32.Worm.VB.NNA
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.GenericKD.Win32.154594
Sangfor	Worm.Win32.VB.DiskBinder
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Virut.82c7d157
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_70% (W)
Baidu	Win32.Trojan.VB.t
Cyren	W32/Cerbu.X.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.COHEODJ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Virus.Win32.VB.gh
BitDefender	Win32.Worm.VB.NNA
Avast	Win32:Evo-gen [Trj]
Tencent	Malware.Win32.Gencirc.13c04eaf
Emsisoft	Win32.Worm.VB.NNA (B)
F-Secure	Malware.W32/VirFire
DrWeb	Win32.HLLP.Woner
VIPRE	Win32.Worm.VB.NNA
McAfee-GW-Edition	BehavesLike.Win32.RealProtect.wh
Sophos	Mal/Generic-S
Ikarus	Trojan.SuspectCRC
GData	Win32.Trojan.PSE.1WFDCAS
Avira	W32/VirFire
Antiy-AVL	Worm/Win32.AutoRun.vx
Arcabit	Win32.Worm.VB.NNA
ZoneAlarm	UDS:Virus.Win32.VB.gh
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
Acronis	suspicious
McAfee	Artemis!A57D8C50F8AA
MAX	malware (ai score=80)
Cylance	unsafe
Panda	Trj/Chgt.AC
Rising	Dropper.Agent!1.D2B7 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Ipamor.D77B!tr
BitDefenderTheta	Gen:NN.ZexaF.36350.lp3@aOld3Nki
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.0f8aa8
DeepInstinct	MALICIOUS

How to remove Win32.Worm.VB.NNA?

Win32.Worm.VB.NNA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X