Malware

Win32:VB-AENV [Trj] removal

Malware Removal

The Win32:VB-AENV [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-AENV [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:VB-AENV [Trj]?



File Info:

name: 0A41203BEFAFCE6AC3DA.mlw
path: /opt/CAPEv2/storage/binaries/e3db051adcd71615aac563a551b6af62171e5771bda917c0dceb33f800a30106
crc32: 85EDF5EE
md5: 0a41203befafce6ac3da5ba6c4554f3e
sha1: 26ce89789e3d7d22161247b856a1144f59341d6b
sha256: e3db051adcd71615aac563a551b6af62171e5771bda917c0dceb33f800a30106
sha512: 388051e9798752a8c72090bdddafa85536e9924e706ebb058ea495078f843480ae5712ee19d5d83c04aa9bcca232717b8914a3213baabd90c9479f59c3a71954
ssdeep: 1536:hnKOp7M3bW1UENmGJUJaBurC53ArsD77UsMJHuomPnzqLcTJLO01DvqJWgP0gyn8:hKOp7XvlFz77UsMJHuoVDwfG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T100E3F83B77854785D6482A7525EBC3E626A378298F0B91073958723A7CB2F301E6DF43
sha3_384: 91b3e93c14c2c7d0a336ba67b086961be0bf2a6227dc7df6c549ba7a7d7c21f17b77dcc5a7d35b821209f6b8f8200921
ep_bytes: 685c134000e8eeffffff000058000000
timestamp: 2012-09-21 05:52:15


Version Info:

Translation: 0x0409 0x04b0
ProductName: Openvpn
FileVersion: 4.35
ProductVersion: 4.35
InternalName: sender
OriginalFilename: sender.exe

Win32:VB-AENV [Trj] also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
DrWebWin32.HLLW.Autoruner1.26617
MicroWorld-eScanGen:Variant.Barys.950
FireEyeGeneric.mg.0a41203befafce6a
CAT-QuickHealTrojan.Beebone.D
SkyhighBehavesLike.Win32.VBObfus.ct
McAfeeGenDownloader.rv
MalwarebytesVBObfus.Worm.Spreader.DDS
SangforSuspicious.Win32.Save.a
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
Cybereasonmalicious.befafc
BitDefenderThetaGen:NN.ZevbaF.36802.im0@a0J!nEbi
VirITTrojan.Win32.X-Cryptor.GDL
SymantecW32.Changeup!gen20
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/VBObfus.BV
APEXMalicious
TrendMicro-HouseCallWORM_VOBFUS.SM00
AvastWin32:VB-AENV [Trj]
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.est
BitDefenderGen:Variant.Barys.950
NANO-AntivirusTrojan.Win32.Vobfus.coonpv
EmsisoftGen:Variant.Barys.950 (B)
GoogleDetected
F-SecureTrojan.TR/Dropper.Gen
TrendMicroWORM_VOBFUS.SM00
Trapminemalicious.high.ml.score
SophosMal/SillyFDC-Y
SentinelOneStatic AI – Malicious PE
JiangminWorm/Vobfus.jqd
VaristW32/Vobfus.AQ.gen!Eldorado
AviraTR/Dropper.Gen
MAXmalware (ai score=81)
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.999
MicrosoftWorm:Win32/Vobfus.ID
XcitiumTrojWare.Win32.Pronny.EE@4qvpy8
ArcabitTrojan.Barys.950
ViRobotWorm.Win32.A.Vobfus.143360.C
ZoneAlarmWorm.Win32.Vobfus.est
GDataGen:Variant.Barys.950
CynetMalicious (score: 100)
AhnLab-V3Worm/Win32.Vobfus.R38810
Acronissuspicious
VBA32TScope.Trojan.VB
ALYacGen:Variant.Barys.950
Cylanceunsafe
PandaTrj/Genetic.gen
RisingTrojan.VB!1.99F7 (CLASSIC)
IkarusWorm.Win32.Vobfus
MaxSecureTrojan.Malware.4579014.susgen
FortinetW32/VBObfus.AU!tr
AVGWin32:VB-AENV [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)
alibabacloudWorm:Win/Vobfus.9a748115

How to remove Win32:VB-AENV [Trj]?

Win32:VB-AENV [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment