Win32:VB-AAXF [Trj] removal guide

Malware Removal

The Win32:VB-AAXF [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:VB-AAXF [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32:VB-AAXF [Trj]?

File Info:

name: F33708A591681AAAE5CF.mlw
path: /opt/CAPEv2/storage/binaries/0965b69e355aabba23e0ddeb948d4dac65e5afed1247a4bd76759d26aa32d967
crc32: 8379A320
md5: f33708a591681aaae5cfc2f7d3e2a334
sha1: 0da493efda76929660758bf3500c1e20efeb3506
sha256: 0965b69e355aabba23e0ddeb948d4dac65e5afed1247a4bd76759d26aa32d967
sha512: bcfaa44d44a0bcb0be0eb7a115bb11bde7c8709b6531f1b4c31c346e86deb0a2ef35befb5e0c61f4a4471b27a4c7416065aae6904587bbe2f84f54ccad7c2a60
ssdeep: 6144:rp4VGIrqJQNbufrI4ukDnx/8vtvwzsmMAEu3Wev5kBirl87VFt6En9x7Xf7oufaB:rp43mGbMrI4ukDnx/8vtvwzsmMAEGHvN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15424183E72A0A33AE112D5F52D6A969409AF2C362184E417FBC17B187AF19F3D131327
sha3_384: d8b1cbfc2e40e93772028129b58cc0359770a7acd8751c8d3cb05db9c42b7e097f4c50006f0cf6962c2ebdbc1165ec69
ep_bytes: 68443c4000e8f0ffffff000040000000
timestamp: 1970-01-01 00:00:00

Version Info:

Translation: 0x0409 0x04b0
ProductName: MrQsQoeXe
FileVersion: 1.00
ProductVersion: 1.00
InternalName: TOFxXPFxDM
OriginalFilename: TOFxXPFxDM.exe

Win32:VB-AAXF [Trj] also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Chinky.7
CAT-QuickHeal: Worm.VobfusVMF.S21191123
Skyhigh: BehavesLike.Win32.VBObfus.dm
McAfee: VBObfus.df
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Chinky.7
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.Zyx.HR
Symantec: W32.Changeup!gen15
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.VB.ARD
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SM00
ClamAV: Win.Trojan.Vobfus-5
Kaspersky: Worm.Win32.Vobfus.dgju
BitDefender: Gen:Variant.Chinky.7
NANO-Antivirus: Trojan.Win32.WBNA.covkdj
SUPERAntiSpyware: Trojan.Agent/Gen-Remnat[VB]
Avast: Win32:VB-AAXF [Trj]
Tencent: Worm.Win32.Vobfus.n
TACHYON: Worm/W32.Vobfus.217088.F
Emsisoft: Gen:Variant.Chinky.7 (B)
F-Secure: Trojan.TR/VBKrypt.qwesd
DrWeb: Trojan.VbCrypt.81
TrendMicro: WORM_VOBFUS.SM00
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.f33708a591681aaa
Sophos: Mal/SillyFDC-U
Ikarus: Trojan.Win32.Otran
Google: Detected
Avira: TR/VBKrypt.qwesd
Varist: W32/Vobfus.AI.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: TrojWare.Win32.Diple.EMIB@4pez3w
Arcabit: Trojan.Chinky.7
ViRobot: Trojan.Win32.A.VBKrypt.217088.BV
ZoneAlarm: Worm.Win32.Vobfus.dgju
GData: Win32.Trojan.VB.AJO
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Menti.R21120
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZevbaF.36804.nm0@aWvxpppi
ALYac: Gen:Variant.Chinky.7
MAX: malware (ai score=80)
VBA32: BScope.Trojan.VBCR.2512
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.VB!1.99F7 (CLASSIC)
Yandex: Trojan.GenAsa!89bUH6XkhAo
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.AZGU!tr
AVG: Win32:VB-AAXF [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Vobfus.f9de3392

How to remove Win32:VB-AAXF [Trj]?

Win32:VB-AAXF [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.