Win32:VB-OLS [Trj] removal

Many security experts consider Win32:VB-OLS [Trj] dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:VB-OLS [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32:VB-OLS [Trj]?


File Info:

name: 43AF29B5CAFF594762B9.mlw
path: /opt/CAPEv2/storage/binaries/a0ae0ba1b8544a7fab1d02c6c0b957b59f7d698b1743fc45328449f751251a74
crc32: 2DEFF52B
md5: 43af29b5caff594762b9cad8d3c700d8
sha1: 3453e1dd65d69af8c42b7df988e14cfeedcef2de
sha256: a0ae0ba1b8544a7fab1d02c6c0b957b59f7d698b1743fc45328449f751251a74
sha512: ca2e1ff4a96615a64a41cb4fe124e9c0341aa1cdd832e616c6a4e47d5fd95633d3ba87bc1ac5c049a5ba86262e9aa2b0187507a28f78fc9f114f447a0a46ae2a
ssdeep: 1536:qjMElgdk/lMK/mxEaHW4HKTpKsUTjlCfguQ:q3lgW/lMK6lqpKs+sZQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19C7341BB7A871802DB81523D7B6FC7C256536ACC6F8F9182711CBFA95C18C644C2EA53
sha3_384: 5eb0d6439e51251110ec929e371bbbfb93a59969973cdec9abb9c535e35d543f600f82cf3882244765d797ad5b0c6f2d
ep_bytes: 6848124000e8f0ffffff000000000000
timestamp: 2010-01-23 13:16:27

Version Info:

Translation: 0x0409 0x04b0
CompanyName: IRRPDIQa
ProductName: IRRPDIQa
FileVersion: 1.34
ProductVersion: 1.34
InternalName: IRRPDIQa
OriginalFilename: IRRPDIQa.exe

Win32:VB-OLS [Trj] also known as:

Bkav: W32.CoocunTeM.Trojan
Lionic: Worm.Win32.VBNA.li8h
tehtris: Generic.Malware
DrWeb: Win32.HLLW.VBNA.based
MicroWorld-eScan: Gen:Trojan.Chinky.2
FireEye: Generic.mg.43af29b5caff5947
CAT-QuickHeal: Trojan.Vobfus.gen
Skyhigh: BehavesLike.Win32.VBObfus.lt
McAfee: VBObfus
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Worm.VobfusGen.Win32.2
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( f1000d031 )
Alibaba: Worm:Win32/vobfus.1030
K7GW: Trojan ( f1000d031 )
BitDefenderTheta: AI:Packer.04CBDD2B20
VirIT: Worm.Win32.VBNA.LBK
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.OJ
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Vobfus-9801948-0
Kaspersky: Worm.Win32.Vobfus.exlb
BitDefender: Gen:Trojan.Chinky.2
NANO-Antivirus: Trojan.Win32.VB.cnwrbm
SUPERAntiSpyware: Trojan.Agent/Gen-VB[Fack77N]
Avast: Win32:VB-OLS [Trj]
Tencent: Worm.Win32.VBna.j
TACHYON: Worm/W32.Agent.77824
Emsisoft: Gen:Trojan.Chinky.2 (B)
Google: Detected
F-Secure: Trojan.TR/Chinky.B
Baidu: Win32.Worm.Agent.ab
VIPRE: Gen:Trojan.Chinky.2
TrendMicro: WORM_VBNA.SM
Trapmine: malicious.moderate.ml.score
Sophos: Mal/SillyFDC-D
Ikarus: Virus.Win32.VB
Varist: W32/Vobfus.D.gen!Eldorado
Avira: TR/Chinky.B
Antiy-AVL: Trojan/Win32.AutoRun
Microsoft: Worm:Win32/Vobfus.AC
Xcitium: Worm.Win32.AutoRunVB.OJ0@1ouygl
Arcabit: Trojan.Chinky.2
ZoneAlarm: Worm.Win32.Vobfus.exlb
GData: Gen:Trojan.Chinky.2
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Vbna4.worm.Gen
VBA32: Trojan.VB.01076
ALYac: Gen:Trojan.Chinky.2
MAX: malware (ai score=88)
Cylance: unsafe
Panda: W32/Vobfus.CP.worm
TrendMicro-HouseCall: WORM_VBNA.SM
Rising: Trojan.Autorun!1.DA78 (CLASSIC)
Yandex: Trojan.GenAsa!xSobOHS8J40
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.BDBD!tr
AVG: Win32:VB-OLS [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Vobfus.2c0d54da

How to remove Win32:VB-OLS [Trj]?

Win32:VB-OLS [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
