Malware

Win32:VB-AAYI [Trj] removal instruction

Malware Removal

The Win32:VB-AAYI [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-AAYI [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Win32:VB-AAYI [Trj]?



File Info:

name: E21B6F602EF17FB954AE.mlw
path: /opt/CAPEv2/storage/binaries/6858c84027059ac0e7e45389372396dfea5ab34d3b6dfdedd2ea182e1704a672
crc32: 92C7E807
md5: e21b6f602ef17fb954ae0d4623d18741
sha1: b49ca125db62f8f88eaae697bc68596a157d77b1
sha256: 6858c84027059ac0e7e45389372396dfea5ab34d3b6dfdedd2ea182e1704a672
sha512: 00de313e9e83ca3f141ac3f5b15ce9a2c9ddf1ec709c257fcf757e611aff4d23fd1b5b084579c3a17b21cf3a71ede6915e4f000ff939b2cb48aa97f30e688d78
ssdeep: 3072:G3mu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bV/:G39uhNrWlAIJqPYNbihRzrNvjITEeedB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14604E52D76909B3FE459D6F5692D8398446D6E3A28D0E813FBC16B1C71F0AD2C1323A7
sha3_384: ab71983ebe1b0a33ac61a7e8222cc8e86d920f092ff5aa240ec06a297655cd2c90680240a6fde8c9f3d9f42d5e4ce80d
ep_bytes: 68943a4000e8f0ffffff000000000000
timestamp: 2012-01-26 07:06:50


Version Info:

Translation: 0x0409 0x04b0
ProductName: arkePP
FileVersion: 1.00
ProductVersion: 1.00
InternalName: yWElGGVHkP
OriginalFilename: yWElGGVHkP.exe

Win32:VB-AAYI [Trj] also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGeneric.mg.e21b6f602ef17fb9
CAT-QuickHealWorm.VobfusVMF.S19740322
SkyhighBehavesLike.Win32.VBObfus.cm
ALYacGen:Variant.Chinky.7
MalwarebytesGeneric.Malware.AI.DDS
SangforSuspicious.Win32.Save.vb
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
BaiduWin32.Worm.Pronny.d
VirITTrojan.Win32.Zyx.HP
SymantecW32.Changeup!gen15
tehtrisGeneric.Malware
ESET-NOD32Win32/AutoRun.VB.ARA
APEXMalicious
McAfeeVBObfus.cu
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.dfyz
BitDefenderGen:Variant.Chinky.7
NANO-AntivirusTrojan.Win32.VBKrypt.cihuha
SUPERAntiSpywareTrojan.Agent/Gen-Remnat[VB]
MicroWorld-eScanGen:Variant.Chinky.7
AvastWin32:VB-AAYI [Trj]
TencentWorm.Win32.Vobfus.n
EmsisoftGen:Variant.Chinky.7 (B)
F-SecureTrojan.TR/Otran.ammnb
DrWebWorm.Siggen.6885
VIPREGen:Variant.Chinky.7
Trapminemalicious.high.ml.score
SophosMal/VBCheMan-B
SentinelOneStatic AI – Malicious PE
GoogleDetected
AviraTR/Otran.ammnb
MAXmalware (ai score=82)
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.999
XcitiumTrojWare.Win32.VB.AVA@4paxk7
ArcabitTrojan.Chinky.7
ViRobotTrojan.Win32.A.VBKrypt.184320.CG
ZoneAlarmWorm.Win32.Vobfus.dfyz
GDataGen:Variant.Chinky.7
VaristW32/Vobfus.AI.gen!Eldorado
AhnLab-V3Trojan/Win32.VB.R19758
Acronissuspicious
BitDefenderThetaGen:NN.ZevbaF.36804.lm0@aC@Jsedi
TACHYONWorm/W32.Vobfus.184320
VBA32BScope.Trojan.VBCR.2512
Cylanceunsafe
PandaW32/Vobfus.GEW.worm
TrendMicro-HouseCallWORM_VOBFUS.SMAB
RisingWorm.VobfusEx!1.99DB (CLASSIC)
IkarusWorm.Vobfus
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/VB.AZGU!tr
AVGWin32:VB-AAYI [Trj]
DeepInstinctMALICIOUS
alibabacloudTrojan:Win/Vobfus.9bd91453

How to remove Win32:VB-AAYI [Trj]?

Win32:VB-AAYI [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment