Malware

Should I remove “Win32:VB-AEMA [Trj]”?

Malware Removal

The Win32:VB-AEMA [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-AEMA [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32:VB-AEMA [Trj]?



File Info:

name: 289F67A7A4E244839944.mlw
path: /opt/CAPEv2/storage/binaries/c719e249b3f83b94b7c236c9d7769c7d1f77ed5ef27076ff99dcb1def8538813
crc32: 7E29D36D
md5: 289f67a7a4e2448399446c8f38d9b420
sha1: 1cce1e7335dc97678a44388729ff7d1515cf380c
sha256: c719e249b3f83b94b7c236c9d7769c7d1f77ed5ef27076ff99dcb1def8538813
sha512: 2703cabfb2df655feaa239879ba6100bd1aca4d452c5b30d1d3ffc3c84baf6523d416bc4bab96cbf7c1eaeab19e41ec9287e3fb1c3fd9ea7337aae27de9e5d61
ssdeep: 768:vH6jxOJETcngIHpFeh6RM1rA8dOsk7jbqqRkA5okK1Dfsvu+Yh9o1XjLftmz:vHcx/AnPLFUnzJA5o9BfIu+I+XjLlm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12893D73FBB55E884D59CA2781AFACBF615E37C591B0F504622503BBA29E7F001D6CA43
sha3_384: 1c82f3c7a5d080514cbd689e9ce34f1dd312fe11d7b6f1a28e3b39dadc1a4443bf5d03378ff1d551c0451c1a203a90c5
ep_bytes: 6828124000e8f0ffffff000000000000
timestamp: 2012-09-14 05:20:26


Version Info:

Translation: 0x0409 0x04b0
ProductName: acopon
FileVersion: 2.69
ProductVersion: 2.69
InternalName: topsailite
OriginalFilename: topsailite.exe

Win32:VB-AEMA [Trj] also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Barys.950
FireEyeGeneric.mg.289f67a7a4e24483
CAT-QuickHealTrojan.Beebone.D
McAfeeGenDownloader.rv
Cylanceunsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
Cybereasonmalicious.7a4e24
VirITWorm.Win32.X-Autorun.BMDK
CyrenW32/Vobfus.AT.gen!Eldorado
SymantecW32.Changeup!gen20
Elasticmalicious (high confidence)
ESET-NOD32Win32/Pronny.DZ
APEXMalicious
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.agzv
BitDefenderGen:Variant.Barys.950
NANO-AntivirusTrojan.Win32.Vobfus.covlpk
SUPERAntiSpywareTrojan.Agent/Gen-Vobfus
AvastWin32:VB-AEMA [Trj]
TencentMalware.Win32.Gencirc.10b19d76
TACHYONTrojan/W32.Agent.90112
SophosMal/BeeBone-AE
F-SecureTrojan.TR/Dropper.Gen
DrWebWin32.HLLW.Autoruner1.25776
VIPREGen:Variant.Barys.950
TrendMicroWORM_VOBFUS.SM02
McAfee-GW-EditionBehavesLike.Win32.VBObfus.mt
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Barys.950 (B)
IkarusTrojan.Win32.Agent
GDataGen:Variant.Barys.950
JiangminTrojan/Vbobf.b
WebrootW32.Obfuscated.Gen
AviraTR/Dropper.Gen
Antiy-AVLWorm/Win32.WBNA.gen
XcitiumTrojWare.Win32.Pronny.EB@4qtzpj
ArcabitTrojan.Barys.950
ZoneAlarmWorm.Win32.Vobfus.agzv
MicrosoftWorm:Win32/Vobfus.HU
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Menti.R27300
BitDefenderThetaAI:Packer.4F4BB35520
ALYacGen:Variant.Barys.950
MAXmalware (ai score=82)
VBA32Trojan.Agent
MalwarebytesPronny.Worm.Spreader.DDS
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_VOBFUS.SM02
RisingTrojan.VB!1.99F7 (CLASSIC)
YandexTrojan.GenAsa!6+Gc6qr5vwQ
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.10096891.susgen
FortinetW32/Diple.EJQE!tr
AVGWin32:VB-AEMA [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32:VB-AEMA [Trj]?

Win32:VB-AEMA [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment