Malware

Win32:VB-AEMB [Trj] removal instruction

Malware Removal

The Win32:VB-AEMB [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Win32:VB-AEMB [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32:VB-AEMB [Trj]?


File Info:

name: E543BF791D08E0ECA738.mlw
path: /opt/CAPEv2/storage/binaries/39fa86059d9cdba3f14747691c637a2c34c2ae6cc6f386ca489e41793ffaea52
crc32: 7B293A22
md5: e543bf791d08e0eca738c08c0aef902b
sha1: e1a0e8e032f28fddf87c34159e37e0a29af39630
sha256: 39fa86059d9cdba3f14747691c637a2c34c2ae6cc6f386ca489e41793ffaea52
sha512: 7c56295d3beb788510f49b5b0a20115fca024f614d4bbb20e4f51ed100aab01370a212eb9278c3425f8b7803fd8b5d4f15a0cfb9adc0343f35519c1fc6b5b40e
ssdeep: 768:vAr68qOJ+TtzxfwHpFeh6gM1rA8dOsc7jUq4RkA5o3K1DfsvtzsXjLft+9o1mm:vArHqlZzxILFjnAzA5o6BfItoXjLl0hm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17F93D63FBB169881E55CA27416F6CBF516FB7C57270B100BA74037AA28E6E041DACD93
sha3_384: 246b0f594c65d676b36564d67fb61336c55124231c05139081432b199103ba773fc61244f757a2c3af48bdf1b8213eb1
ep_bytes: 6828124000e8f0ffffff000000000000
timestamp: 2012-09-14 05:23:58

Version Info:

Translation: 0x0409 0x04b0
ProductName: acopon
FileVersion: 2.69
ProductVersion: 2.69
InternalName: topsailite
OriginalFilename: topsailite.exe

Win32:VB-AEMB [Trj] also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
DrWebWin32.HLLW.Autoruner1.25776
MicroWorld-eScanGen:Variant.Barys.950
ClamAVWin.Trojan.Changeup-6169544-0
FireEyeGeneric.mg.e543bf791d08e0ec
CAT-QuickHealTrojan.Beebone.D
ALYacGen:Variant.Barys.950
MalwarebytesPronny.Worm.Spreader.DDS
SangforSuspicious.Win32.Save.a
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
Cybereasonmalicious.91d08e
BitDefenderThetaGen:NN.ZevbaF.36196.fm0@a0r3F3pi
VirITWorm.Win32.X-Autorun.BMDK
CyrenW32/Vobfus.AT.gen!Eldorado
SymantecW32.Changeup!gen20
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Pronny.BJ
APEXMalicious
CynetMalicious (score: 100)
KasperskyWorm.Win32.Vobfus.dhlj
BitDefenderGen:Variant.Barys.950
NANO-AntivirusTrojan.Win32.Autoruner1.jvjuka
SUPERAntiSpywareTrojan.Agent/Gen-Vobfus
AvastWin32:VB-AEMB [Trj]
TencentWorm.Win32.Vobfus.ha
EmsisoftGen:Variant.Barys.950 (B)
F-SecureTrojan.TR/Dropper.Gen
VIPREGen:Variant.Barys.950
TrendMicroWORM_VOBFUS.SM02
McAfee-GW-EditionBehavesLike.Win32.VBObfus.mm
Trapminemalicious.high.ml.score
SophosMal/BeeBone-AE
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Barys.950
JiangminTrojan/Vbobf.b
WebrootW32.Trojan.Agent.Gen
AviraTR/Dropper.Gen
Antiy-AVLWorm/Win32.WBNA.gen
XcitiumTrojWare.Win32.Pronny.EB@4qtzpj
ArcabitTrojan.Barys.950
ZoneAlarmWorm.Win32.Vobfus.dhlj
MicrosoftWorm:Win32/Vobfus.HU
GoogleDetected
AhnLab-V3Trojan/Win32.Menti.R36560
McAfeeGenDownloader.rv
MAXmalware (ai score=86)
VBA32Trojan.Agent
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_VOBFUS.SM02
RisingTrojan.VB!1.99F7 (CLASSIC)
YandexTrojan.GenAsa!6+Gc6qr5vwQ
IkarusTrojan.Win32.Agent
MaxSecureTrojan.Malware.5486835.susgen
FortinetW32/Diple.EJQE!tr
AVGWin32:VB-AEMB [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Win32:VB-AEMB [Trj]?

Win32:VB-AEMB [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment