How to remove “Win32:VB-WWE [Trj]”?

Win32:VB-WWE [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:VB-WWE [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32:VB-WWE [Trj]?


File Info:

name: E8AD7A562FD4E7239A72.mlw
path: /opt/CAPEv2/storage/binaries/dd92fa309e91cb91cfedc85026dbcaabb54adfb9c1f476d81c5187fc9a6b897f
crc32: 998B9449
md5: e8ad7a562fd4e7239a72cb9015d88371
sha1: a6fc8f8b3de4c68e6b95d2958e15ff9a379a4f7f
sha256: dd92fa309e91cb91cfedc85026dbcaabb54adfb9c1f476d81c5187fc9a6b897f
sha512: e06b12a97b2b78b67e8282ceadb46e8a32585d49033b037cbaec161e824a215706c7f9d9ce27d581a6ed1ec78072ed2adea6a89fdfa8430beddcf561600085dd
ssdeep: 3072:OPmexwriVcBcv3JlRFeWHP3T1l6IWZQ49uoXTcaG9:OezriVcBYZZe6vr6IWa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16BD3A22E7790E67ED026CBF42D1A43A09069AC3525E6AD03F3C65F15B7F2E979220743
sha3_384: 774076389f36ad46604fb5a50ed865c5493e59e1a0dd8372a5a50f45a283bb627aa49e69028533f40878a14272aceb4c
ep_bytes: 68b0394000e8eeffffff000050000000
timestamp: 2011-07-27 14:45:20

Version Info:

Translation: 0x0409 0x04b0
ProductName: qQZgjeVAbCjmy
FileVersion: 1.00
ProductVersion: 1.00
InternalName: wtjZeDxGSHRV
OriginalFilename: wtjZeDxGSHRV.exe

Win32:VB-WWE [Trj] also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Heur.PonyStealer.MLT.1
ClamAV: Win.Packed.Score-7640427-0
FireEye: Generic.mg.e8ad7a562fd4e723
CAT-QuickHeal: Trojan.Vobfus.gen
ALYac: Gen:Heur.PonyStealer.MLT.1
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.VBKrypt.FEFZ
Cyren: W32/Vobfus.W.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.AIZ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VB.atxw
BitDefender: Gen:Heur.PonyStealer.MLT.1
NANO-Antivirus: Trojan.Win32.VB.covkox
SUPERAntiSpyware: Trojan.Agent/Gen-Vban
Avast: Win32:VB-WWE [Trj]
TACHYON: Trojan/W32.VB-VBKrypt.135168
Emsisoft: Gen:Heur.PonyStealer.MLT.1 (B)
F-Secure: Worm.WORM/Vobfus.dazrc
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Heur.PonyStealer.MLT.1
TrendMicro: TROJ_VB.SMOD
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.MLT.1
Avira: WORM/Vobfus.dazrc
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.Vobfus.DQ@5q5mm8
Arcabit: Trojan.PonyStealer.MLT.1
ViRobot: Trojan.Win32.A.VB.135168.AF
ZoneAlarm: Trojan.Win32.VB.atxw
Microsoft: Worm:Win32/Vobfus.DA
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R10525
McAfee: VBObfus.g
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Diple
Malwarebytes: Malware.AI.3161126503
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_VB.SMOD
Rising: Worm.Vobfus!8.10E (TFE:3:zHcZ5K8AASJ)
Yandex: Trojan.GenAsa!k7JGFlnR7CE
Ikarus: Worm.Gamarue
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.G!tr
BitDefenderTheta: AI:Packer.E7FE892B20
AVG: Win32:VB-WWE [Trj]
Cybereason: malicious.62fd4e
DeepInstinct: MALICIOUS

How to remove Win32:VB-WWE [Trj]?

Win32:VB-WWE [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
