Win32:AutoRun-BGQ [Wrm] removal instruction

The Win32:AutoRun-BGQ [Wrm] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:AutoRun-BGQ [Wrm] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32:AutoRun-BGQ [Wrm]?

File Info:

name: 02D1CDD696B070299815.mlw
path: /opt/CAPEv2/storage/binaries/c3e0d0e7a026e0799d70db2952e968a171a57e0ccdca2a545d565a13540c8a8f
crc32: 0F576737
md5: 02d1cdd696b070299815b3cc57dda47f
sha1: 2df73589e8e7977098fe9b535333b3aae15661fc
sha256: c3e0d0e7a026e0799d70db2952e968a171a57e0ccdca2a545d565a13540c8a8f
sha512: 16bf6b41507565693b6221bf01fd4bfe2963552a63d2a5007bb8b935d5fa4e9c1eb5fa6892c1b8b5c4bf36a132d8e1adb2c12c0af27671eab2e1c3a8f8fb2415
ssdeep: 768:RkIrC2TSFHZ+xOF4/i/BEYkp7P6lweQDhDmpU5GFrrEzWsdSE0d8pUHIkI0Fo:RB4FIxO+2G40OIk7o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16973A47AB8C20456D949433F332BCAE701137D0DAF5BA159B29C6FBE4C18E544D2A633
sha3_384: bb421703ca4fe2bc5212f429f3b962ae7b86e475a0ce456a87793982971dd9bdddc3c27303cc49f82d5ac0dbceb5ec13
ep_bytes: 68f0124000e8eeffffff000000000000
timestamp: 2009-12-10 13:38:26

Version Info:

Translation: 0x0409 0x04b0
CompanyName: CeeuUlTR
ProductName: CeeuUlTR
FileVersion: 4.66
ProductVersion: 4.66
InternalName: CeeuUlTR
OriginalFilename: CeeuUlTR.exe

Win32:AutoRun-BGQ [Wrm] also known as:

Bkav: W32.nuotik.Fam.Worm
Lionic: Worm.Win32.VBNA.lmeS
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen.34201
MicroWorld-eScan: Gen:Trojan.Chinky.2
FireEye: Generic.mg.02d1cdd696b07029
CAT-QuickHeal: Trojan.Vobfus.gen
McAfee: Downloader-CBJ
Cylance: Unsafe
Zillya: Trojan.VB.Win32.448367
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: Malware:Win32/km_2f59.None
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.696b07
BitDefenderTheta: AI:Packer.0CF34A2820
VirIT: Trojan.Win32.VB.ZTL
Cyren: W32/Vobfus.D.gen!Eldorado
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.IO
TrendMicro-HouseCall: WORM_VBNA.SM
Paloalto: generic.ml
ClamAV: Win.Trojan.VB-1207
Kaspersky: Trojan.Win32.VB.ztl
BitDefender: Gen:Trojan.Chinky.2
NANO-Antivirus: Trojan.Win32.VB.eeymjz
SUPERAntiSpyware: Trojan.Agent/Gen-VB[Fack77N]
TACHYON: Trojan/W32.VB-Agent.77824.IH
Sophos: Mal/Generic-R + Mal/SillyFDC-C
Comodo: TrojWare.Win32.VBChinky.a0@1mjeds
Baidu: Win32.Worm.Autorun.z
VIPRE: Worm.Win32.Vobfus.gen (v)
TrendMicro: WORM_VBNA.SM
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.lm
Emsisoft: Gen:Trojan.Chinky.2 (B)
Ikarus: Virus.Worm
Avira: TR/VB.Chinky.a
Antiy-AVL: Trojan/Generic.ASCommon.F
Microsoft: Trojan:Win32/Zbot.DQ!MTB
ZoneAlarm: Trojan.Win32.VB.ztl
GData: Gen:Trojan.Chinky.2
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Vbna4.worm.Gen
VBA32: TScope.Trojan.VB
ALYac: Gen:Trojan.Chinky.2
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.3323533945
Panda: W32/Vobfus.BF
APEX: Malicious
Rising: Worm.Autorun!8.50 (CLOUD)
Yandex: Trojan.GenAsa!BuQA6xuGzUk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.VB.ZTL
Fortinet: W32/VBNA.D!tr
AVG: Win32:AutoRun-BGQ [Wrm]
Avast: Win32:AutoRun-BGQ [Wrm]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:AutoRun-BGQ [Wrm]?

Win32:AutoRun-BGQ [Wrm] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.