
Win32:VB-VHZ [Trj] removal tips


Win32:VB-VHZ [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:VB-VHZ [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32:VB-VHZ [Trj]?


File Info:

name: DE64629AEFEA9D3B6896.mlw
path: /opt/CAPEv2/storage/binaries/f65726d8798ed9083914a26e7e3d1bdc6d0ad147e4aca65b9ce0c41d5abf2d03
crc32: 2D11EF10
md5: de64629aefea9d3b68961f642bd1f973
sha1: 21ea61510687eb16a6d138ad3ad927068b59d62c
sha256: f65726d8798ed9083914a26e7e3d1bdc6d0ad147e4aca65b9ce0c41d5abf2d03
sha512: fc0ccfd297473cfb775b11a27d427b7852be303463e8d67bc45400a0a4bc3cdf0fce2505064df4808538c2be3faff3a1d3d5e183d938f60bfab681c5e52d8137
ssdeep: 3072:7mW4wjefQn7WbIqH0ybZBiOllyEmcP82+aVdOt66VGegmH:7mLQn7WbIqH0ybZBiOllyE5D+aVkjseN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135D372177624507FD155E8F57A29C25A30292F7A17A0BC83B7C0AB19AEB00E3B5F570B
sha3_384: 07e1ad4fd78802e99e9397080bc56a8d2f9d2dfb7e47d5b5d0b0b823a5db8a3c427ca33590374132707c46ea50d74b5a
ep_bytes: 68d4324000e8f0ffffff000000000000
timestamp: 2011-06-14 06:14:28

Version Info:

Translation: 0x0409 0x04b0
ProductName: xoNDWPmFIeaGgzNwiDn
FileVersion: 1.00
ProductVersion: 1.00
InternalName: jQkciVjjXhUtzq
OriginalFilename: jQkciVjjXhUtzq.exe

Win32:VB-VHZ [Trj] also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.lr3L
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.GBXS
ClamAV: Win.Trojan.Changeup-6169544-0
CAT-QuickHeal: Trojan.Vobfus.gen
McAfee: VBObfus.g
Cylance: unsafe
Zillya: Trojan.VBKrypt.Win32.796589
Sangfor: Suspicious.Win32.Save.vb
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Malware:Win32/km_2ff17.None
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: AI:Packer.472CD37E20
VirIT: Trojan.Win32.Zyx.BW
Cyren: W32/Vobfus.W.gen!Eldorado
Symantec: W32.Changeup
ESET-NOD32: a variant of Win32/AutoRun.VB.ADL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.drhe
BitDefender: Trojan.Agent.GBXS
NANO-Antivirus: Trojan.Win32.VBKrypt.cinawx
SUPERAntiSpyware: Trojan.Agent/Gen-Vban
Avast: Win32:VB-VHZ [Trj]
Tencent: Trojan.Win32.VB.sh
TACHYON: Trojan/W32.VB-VBKrypt.139264.Y
Emsisoft: Trojan.Agent.GBXS (B)
Baidu: Win32.Trojan.VB.j
F-Secure: Trojan.TR/Kazy.267492
DrWeb: Trojan.VbCrypt.60
VIPRE: Trojan.Agent.GBXS
TrendMicro: WORM_VOBFUS.SMHF
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.de64629aefea9d3b
Sophos: W32/SillyFDC-GC
SentinelOne: Static AI – Malicious PE
GData: Trojan.Agent.GBXS
Avira: TR/Kazy.267492
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: TrojWare.Win32.Kazy.AH@3r0szr
Arcabit: Trojan.Agent.GBXS
ZoneAlarm: Trojan.Win32.VBKrypt.drhe
Microsoft: Worm:Win32/Vobfus.CJ
Google: Detected
AhnLab-V3: Trojan/Win32.Tdss.R8428
VBA32: Worm.WBNA
ALYac: Trojan.Agent.GBXS
MAX: malware (ai score=81)
Malwarebytes: Generic.Worm.AutoRun.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMHF
Rising: Trojan.Win32.Fednu.swz (CLASSIC)
Yandex: Trojan.GenAsa!2+cUlzS9nqo
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/WBNA.AOW!worm
AVG: Win32:VB-VHZ [Trj]
DeepInstinct: MALICIOUS

How to remove Win32:VB-VHZ [Trj]?

Win32:VB-VHZ [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
