Malware

Win32:VB-ABPL [Trj] removal

Malware Removal

The Win32:VB-ABPL [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-ABPL [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:VB-ABPL [Trj]?



File Info:

name: 8164B30DDAB371277559.mlw
path: /opt/CAPEv2/storage/binaries/50f321b74b27ba0d2c55b1891088bd416b1f88b2f33a76eaf2373d1b290d575f
crc32: 773FDE21
md5: 8164b30ddab371277559e78dced083aa
sha1: 218b4dfab5142919e2e973bda6b6c89b3f0a778a
sha256: 50f321b74b27ba0d2c55b1891088bd416b1f88b2f33a76eaf2373d1b290d575f
sha512: 56360e69f4e949cd24cbb56958c584a11484e1312785560540e3c3b15a5b033d671d764386cab83685038078afb91f7519e43ea689db03c35d0a8f6e3aadb6df
ssdeep: 6144:Mc9qnhctRnmMhpL9J53sTRi52mwzBkvQ:192cjnDnL9J53sFi52mwivQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19834C639B390F73EE521C2F92D9987A4402EAD3505E1E407F7C12B1A36F1AD792217A7
sha3_384: 818033a091cf9b93cbaf95fc931487e14cfd7e4e929c51c8e32052b759b2c5bcd4e1abcf7e55f1895d1cbde51b92718c
ep_bytes: 68084c4000e8eeffffff000000000000
timestamp: 2012-03-07 19:48:16


Version Info:

Translation: 0x0409 0x04b0
ProductName: IebUvFc
FileVersion: 1.00
ProductVersion: 1.00
InternalName: NWTToQ
OriginalFilename: NWTToQ.exe

Win32:VB-ABPL [Trj] also known as:

BkavW32.AIDetectMalware
AVGWin32:VB-ABPL [Trj]
Elasticmalicious (high confidence)
DrWebTrojan.VbCrypt.81
MicroWorld-eScanGen:Variant.Chinky.7
FireEyeGeneric.mg.8164b30ddab37127
CAT-QuickHealTrojan.Beebone.D
SkyhighBehavesLike.Win32.VBObfus.dm
McAfeeVBObfus.ek
MalwarebytesGeneric.Worm.AutoRun.DDS
VIPREGen:Variant.Chinky.7
SangforSuspicious.Win32.Save.vb
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderThetaGen:NN.ZevbaF.36802.om0@aOJHRhfi
VirITTrojan.Win32.Zyx.PA
SymantecW32.Changeup
tehtrisGeneric.Malware
ESET-NOD32Win32/AutoRun.VB.ASV
CynetMalicious (score: 100)
APEXMalicious
AvastWin32:VB-ABPL [Trj]
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.eexi
BitDefenderGen:Variant.Chinky.7
NANO-AntivirusTrojan.Win32.Inject.covlqa
SUPERAntiSpywareTrojan.Agent/Gen-Vobfus
TencentWorm.Win32.Vobfus.hu
EmsisoftGen:Variant.Chinky.7 (B)
F-SecureTrojan.TR/Kazy.62009.2
BaiduWin32.Trojan.Inject.n
TrendMicroWORM_VOBFUS.SMAB
Trapminemalicious.high.ml.score
SophosMal/SillyFDC-V
SentinelOneStatic AI – Malicious PE
JiangminTrojan/Vbobf.b
GoogleDetected
AviraTR/Kazy.62009.2
MAXmalware (ai score=87)
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.1000
MicrosoftWorm:Win32/Vobfus!pz
XcitiumTrojWare.Win32.Kazy.ST@4okmnf
ArcabitTrojan.Chinky.7
ViRobotTrojan.Win32.A.VB.237568.G
ZoneAlarmWorm.Win32.Vobfus.eexi
GDataWin32.Worm.Vobfus.L
VaristW32/Vobfus.BE.gen!Eldorado
AhnLab-V3Trojan/Win32.Menti.R20177
Acronissuspicious
ALYacGen:Variant.Chinky.7
VBA32BScope.Trojan.Ymacco
Cylanceunsafe
PandaW32/Vobfus.GEW.worm
TrendMicro-HouseCallWORM_VOBFUS.SMAB
RisingWorm.VobfusEx!1.99DC (CLASSIC)
YandexTrojan.GenAsa!Br32YRZH23s
IkarusWorm.Win32.Vobfus
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/VBKrypt.C!tr
Cybereasonmalicious.ddab37
DeepInstinctMALICIOUS
alibabacloudTrojan:Win/Vobfus.02c0f826

How to remove Win32:VB-ABPL [Trj]?

Win32:VB-ABPL [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment