Win32:AutoRun-BSW [Wrm] malicious file

Win32:AutoRun-BSW [Wrm] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:AutoRun-BSW [Wrm] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32:AutoRun-BSW [Wrm]?


File Info:

name: B726F0C1895AF4E02ABD.mlw
path: /opt/CAPEv2/storage/binaries/1e7a732797228764476330f159540f82dac7f9ab3449cc1568269224c380b1ba
crc32: 60B8E419
md5: b726f0c1895af4e02abd8f01d54216c9
sha1: 3d1275a27cb2480b8c2d93e53c43d3be1df0f26d
sha256: 1e7a732797228764476330f159540f82dac7f9ab3449cc1568269224c380b1ba
sha512: 9866b4f2d052b4ae111026828d571e6b2466551d5f2337c69c1259ad297a9074b2ea42bebad7fdb96f55fb4f10b9336171a3e439dbf37eb0f11c8d5213699437
ssdeep: 1536:5fXlA7WeNMyE+klwWH1CLS0MJPnHwEZHLTlBAMpdMOGJBdYlZxPAkXzcwA8peFZl:R1A7WV+kwWH1CLSBXbHLAkXz2hnBQc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15614BC10B3E2658AC29AED74205FF1C761B6B179557B8C01A5172B602B0DECAE73C3B7
sha3_384: e1a87251ddbe0e1507f32f73d6f4dc48d49b8788a6fb49320f1cbfe30c25905bf31231be61dfba1f3bc77c7359b25e5f
ep_bytes: 6880114000e8f0ffffff000000000000
timestamp: 2011-01-01 05:35:37

Version Info:

Translation: 0x0409 0x04b0
CompanyName: UserXP
ProductName: 778VBRUN
FileVersion: 3.36
ProductVersion: 3.36
InternalName: ZZIIq45
OriginalFilename: ZZIIq45.exe

Win32:AutoRun-BSW [Wrm] also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.AutoRun.o!c
AVG: Win32:AutoRun-BSW [Wrm]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBKrypt.23
FireEye: Generic.mg.b726f0c1895af4e0
Skyhigh: BehavesLike.Win32.VBObfus.dt
McAfee: Downloader-CJX.gen.n
Malwarebytes: Malware.AI.1620571030
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 001f4fd51 )
Alibaba: Worm:Win32/vobfus.1030
K7GW: Trojan ( 001f4fd51 )
BitDefenderTheta: AI:Packer.0CAAE8D320
VirIT: Worm.Win32.VB.AB
Symantec: W32.Changeup!gen10
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/AutoRun.AFC
Cynet: Malicious (score: 100)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.AutoRun.bzbm
BitDefender: Gen:Variant.VBKrypt.23
NANO-Antivirus: Trojan.Win32.AutoRun.covksi
Avast: Win32:AutoRun-BSW [Wrm]
Tencent: Worm.Win32.AutoRun.hd
Emsisoft: Gen:Variant.VBKrypt.23 (B)
Baidu: Win32.Worm.AutoRun.cj
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Win32.HLLW.Autoruner.40801
VIPRE: Gen:Variant.VBKrypt.23
TrendMicro: WORM_VOBFUS.SMIA
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm/AutoRun.alsz
Varist: W32/VB.BR.gen!Eldorado
Avira: TR/Dropper.Gen
MAX: malware (ai score=84)
Antiy-AVL: Worm/Win32.WBNA.gen
Microsoft: Worm:Win32/Vobfus.gen!E
Arcabit: Trojan.VBKrypt.23
ViRobot: Worm.Win32.A.AutoRun.204800.C
ZoneAlarm: Worm.Win32.AutoRun.bzbm
GData: Win32.Worm.AutoRun.U
Google: Detected
AhnLab-V3: Trojan/Win.VBKrypt.R485082
ALYac: Gen:Variant.VBKrypt.23
TACHYON: Worm/W32.VB-AutoRun.204800
VBA32: SScope.Trojan.VBRA.13438
Cylance: unsafe
Panda: Generic Malware
TrendMicro-HouseCall: WORM_VOBFUS.SMIA
Rising: Worm.Vobfus!8.10E (TFE:3:FaJNLDAnTpO)
Yandex: Trojan.GenAsa!MU/GrobZj7s
Ikarus: Trojan.Win32.VBKrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/AutoRun.XM!worm
DeepInstinct: MALICIOUS
alibabacloud: Trojan[dropper]:Win/Autorun.f8a439a0

How to remove Win32:AutoRun-BSW [Wrm]?

Win32:AutoRun-BSW [Wrm] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
