How to remove “Win32:VB-OLS [Trj]”?

Win32:VB-OLS [Trj] is considered dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Win32:VB-OLS [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32:VB-OLS [Trj]?

File Info:

name: 2E601C01AAFA6F384A44.mlw
path: /opt/CAPEv2/storage/binaries/a20a5584b1df0f2e51bfce8f005590efd170debf30fe990795a97d6f094328b0
crc32: D74FFEF3
md5: 2e601c01aafa6f384a44dad4f4fbe182
sha1: 6a0b82cc3811ac6746a3382dd64f91a0e88fb6b0
sha256: a20a5584b1df0f2e51bfce8f005590efd170debf30fe990795a97d6f094328b0
sha512: fa032f3a1e855c8c2d7e397ef4bb68e8db8ea29259eeb9c7a0b91a65fdfedca06e3a6295384b64b4d81cd9aa414bd31ff9cde20ddb27167a859e289ae32a5a46
ssdeep: 1536:vjaEigQk5l8m/mxEaHW4HKTpKsUTjlCfglf:vtigH5lj6lqpKs+saf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B7351FA7A872C42DB81513DBB6BC6D6566319CDBF8F9181612CBFA94C1CC54082E263
sha3_384: 4a8333862d113746d602e30f3edc3598d1f8d829caaf93cee421f8f33bff50f17ae12adb0765b46a61c3ce710213ed87
ep_bytes: 6848124000e8f0ffffff000000000000
timestamp: 2010-01-23 13:16:27

Version Info:

Translation: 0x0409 0x04b0
CompanyName: yyYHxEDa
ProductName: yyYHxEDa
FileVersion: 4.55
ProductVersion: 4.55
InternalName: yyYHxEDa
OriginalFilename: yyYHxEDa.exe

Win32:VB-OLS [Trj] also known as:

Bkav: W32.CoocunTeM.Trojan
Lionic: Worm.Win32.VBNA.li8h
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.VBNA.based
MicroWorld-eScan: Gen:Trojan.Chinky.2
FireEye: Generic.mg.2e601c01aafa6f38
CAT-QuickHeal: Trojan.Vobfus.gen
Skyhigh: BehavesLike.Win32.VBObfus.lt
McAfee: VBObfus
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: Malware:Win32/km_2f55.None
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.c3811a
BitDefenderTheta: AI:Packer.04CBDD2B20
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.OJ
APEX: Malicious
ClamAV: Win.Dropper.Vobfus-9801948-0
Kaspersky: Worm.Win32.Vobfus.exlb
BitDefender: Gen:Trojan.Chinky.2
NANO-Antivirus: Trojan.Win32.VB.cnwrbm
SUPERAntiSpyware: Trojan.Agent/Gen-VB[Fack77N]
Avast: Win32:VB-OLS [Trj]
Tencent: Worm.Win32.VBna.j
TACHYON: Worm/W32.Agent.77824
Sophos: Mal/SillyFDC-D
Google: Detected
F-Secure: Trojan.TR/Chinky.B
Baidu: Win32.Worm.Agent.ab
VIPRE: Gen:Trojan.Chinky.2
TrendMicro: WORM_VBNA.SM
Emsisoft: Gen:Trojan.Chinky.2 (B)
Ikarus: Virus.Win32.VB
GData: Gen:Trojan.Chinky.2
Varist: W32/Vobfus.D.gen!Eldorado
Avira: TR/Chinky.B
Antiy-AVL: Worm/Win32.Vobfus
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.AutoRunVB.OJ0@1ouygl
Arcabit: Trojan.Chinky.2
ZoneAlarm: Worm.Win32.Vobfus.exlb
Microsoft: Worm:Win32/Vobfus.AC
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Vbna4.worm.Gen
ALYac: Gen:Trojan.Chinky.2
MAX: malware (ai score=80)
VBA32: Trojan.VB.01076
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/Vobfus.CP.worm
TrendMicro-HouseCall: WORM_VBNA.SM
Rising: Trojan.Autorun!1.DA78 (CLASSIC)
Yandex: Trojan.GenAsa!xSobOHS8J40
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.BDBD!tr
AVG: Win32:VB-OLS [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:VB-OLS [Trj]?

Win32:VB-OLS [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.