Malware

About “Win32:VB-ACAA [Trj]” infection

Malware Removal

The Win32:VB-ACAA [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-ACAA [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:VB-ACAA [Trj]?



File Info:

name: 3C90F73AEC20133AEAC4.mlw
path: /opt/CAPEv2/storage/binaries/e117e78d7a9a631118ed1d1aece3f17c16f4381b1aed1c7e9f9de831b83bdadc
crc32: 11774DAD
md5: 3c90f73aec20133aeac4c79eea860cff
sha1: 5b54e1b505a3d85cf7e8e53849815edc9d5c446e
sha256: e117e78d7a9a631118ed1d1aece3f17c16f4381b1aed1c7e9f9de831b83bdadc
sha512: a601bd8de2d9b0a0d9260c4bcf6f4a4e11cae48e34ba6a4d3573e52c58602cf05438d3b79815628eacee45623de53593a8d05b88fc2c2ad1f50c708ab1df14c1
ssdeep: 3072:+R4jBdJvRRFD1yPBYEmaHtGG2gqZ+/9A+JRjKY5Md41gfJhd:PVh1yPptGG2gqZ+FfKqDsN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F44626963A0B73DE820C1F868875360846DED731895A40BEBD2771676F0DA7F3207A7
sha3_384: 6f5af497ce9e168f6cfcee84f89f58605a300e7da53332fb995b811b8990fae656aa2f4d0f5ea5fca7b8b673e1e631e7
ep_bytes: 6810414000e8f0ffffff000000000000
timestamp: 2012-03-28 19:53:28


Version Info:

ProductName: 
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 
OriginalFilename: 
Translation: 0x0409 0x04b0

Win32:VB-ACAA [Trj] also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Barys.950
FireEyeGeneric.mg.3c90f73aec20133a
CAT-QuickHealTrojan.Beebone.D
SkyhighBehavesLike.Win32.VBObfus.dm
McAfeeGeneric VB.kk
MalwarebytesGeneric.Malware.AI.DDS
SangforSuspicious.Win32.Save.vb
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderThetaGen:NN.ZevbaF.36802.pm0@aquEWPmi
SymantecW32.Changeup
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/AutoRun.VB.ATZ
APEXMalicious
CynetMalicious (score: 100)
KasperskyTrojan.Win32.Jorik.Vobfus.gtqf
BitDefenderGen:Variant.Barys.950
NANO-AntivirusTrojan.Win32.Jorik.cmtits
SUPERAntiSpywareTrojan.Agent/Gen-Vobfus
AvastWin32:VB-ACAA [Trj]
TencentWorm.Win32.Vobfus.n
SophosMal/SillyFDC-W
F-SecureWorm.WORM/Vobfus.R.100
VIPREGen:Variant.Barys.950
TrendMicroWORM_VOBFUS.SMIJ
Trapminesuspicious.low.ml.score
EmsisoftGen:Variant.Barys.950 (B)
SentinelOneStatic AI – Malicious PE
WebrootW32.Trojan.Diple.Gen
VaristW32/Vobfus.AD.gen!Eldorado
AviraWORM/Vobfus.R.100
MAXmalware (ai score=89)
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.1000
XcitiumWorm.Win32.Pronny.AK@4ogvoo
ArcabitTrojan.Barys.950
ViRobotWorm.Win32.A.WBNA.253952.CBK
ZoneAlarmTrojan.Win32.Jorik.Vobfus.gtqf
GDataGen:Variant.Barys.950
GoogleDetected
AhnLab-V3Trojan/Win32.Jorik.R22928
Acronissuspicious
ALYacGen:Variant.Barys.950
TACHYONTrojan/W32.VB-Jorik.253952.C
Cylanceunsafe
PandaW32/Vobfus.GEW.worm
TrendMicro-HouseCallWORM_VOBFUS.SMIJ
RisingWorm.VobfusEx!1.99DB (CLASSIC)
YandexTrojan.GenAsa!fcdBOcOOr18
IkarusWorm.Win32.Vobfus
FortinetW32/VBKrypt.C!tr
AVGWin32:VB-ACAA [Trj]
DeepInstinctMALICIOUS
alibabacloudWorm:Win/Vobfus.c92dcdf7

How to remove Win32:VB-ACAA [Trj]?

Win32:VB-ACAA [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment