Worm.Ludbaruma.A3 removal instruction

Malware Removal

The Worm.Ludbaruma.A3 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Worm.Ludbaruma.A3 virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to determine Worm.Ludbaruma.A3?


File Info:

crc32: F351B04B
md5: bcd5e0d273c1f2b7b215703a6284a8c9
name: BCD5E0D273C1F2B7B215703A6284A8C9.mlw
sha1: ec35f1ca972898b76b00e6e5436dc2c15e65826f
sha256: 4d3141ac9b54295bc1c9b6543a62b2e9cb182d89e223eb0be9afc4c4f2bb0113
sha512: eeda84b742edf359b849ada757b7023be38bccf9b29130521474fd472095b5c8cd5bbfcd7425f1bdb85cde070a62fb7e8a40bb839c6b497dafda49d483a89979
ssdeep: 3072:Ax/5F/E7tEf0me+p+tYlpJH7iXQNgggHlxDZiYLK5Wpht4xZVX42:AxhF4cs+wWJH7igNgjdFKsCRf
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: DATA
FileVersion: 0.00.0020
CompanyName: Oncom
ProductName: xk
ProductVersion: 0.00.0020
OriginalFilename: DATA.exe

Worm.Ludbaruma.A3 also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.VB.OJW
FireEyeGeneric.mg.bcd5e0d273c1f2b7
CAT-QuickHealWorm.Ludbaruma.A3
Qihoo-360Win32/Worm.FakeFolder.HU
McAfeeW32/Rontokbro.gen@MM
CylanceUnsafe
VIPREWorm.Win32.Ludbaruma.a (v)
SangforRansom.Win32.Foreign_11.se
K7AntiVirusTrojan ( 0040f6141 )
BitDefenderTrojan.VB.OJW
K7GWP2PWorm ( 0050fa4b1 )
Cybereasonmalicious.273c1f
BitDefenderThetaAI:Packer.D9B5E1A91D
CyrenW32/S-2ee348b2!Eldorado
SymantecSMG.Heur!gen
BaiduWin32.Worm.VB.k
APEXMalicious
AvastWin32:Emotet-AI [Trj]
ClamAVWin.Worm.Untukmu-5949608-0
KasperskyTrojan-Ransom.Win32.Blocker.kpuo
NANO-AntivirusTrojan.Win32.Regrun.dxtouo
ViRobotTrojan.Win32.Ludbaruma.Gen.A
RisingRansom.Blocker!8.12A (TFE:dGZlOgWKyi/lv9zO9g)
Ad-AwareTrojan.VB.OJW
SophosML/PE-A + W32/Mato-N
ComodoTrojWare.Win32.Injector.FZZA@57zyc0
F-SecureTrojan.TR/Agent.gdnw
DrWebTrojan.DownLoader7.3730
ZillyaTrojan.RegrunGen.Win32.1
TrendMicroTSPY_LUDBARUMA_BK083EDB.TOMC
McAfee-GW-EditionBehavesLike.Win32.Rontokbro.dm
EmsisoftTrojan.VB.OJW (B)
IkarusTrojan.AgentMB.VB
JiangminTrojan.Blocker.tav
AviraTR/Agent.gdnw
MAXmalware (ai score=80)
Antiy-AVLTrojan/Win32.Unknown
MicrosoftWorm:Win32/Ludbaruma.A
ArcabitTrojan.VB.OJW
SUPERAntiSpywareWorm.Ludbaruma/Variant
ZoneAlarmTrojan-Ransom.Win32.Blocker.kpuo
GDataWin32.Worm.Ludbaruma.A
CynetMalicious (score: 100)
AhnLab-V3Backdoor/Win32.IRCBot.R1456
Acronissuspicious
VBA32TScope.Trojan.VB
ALYacTrojan.VB.OJW
TACHYONTrojan/W32.VB-Ludbaruma.Zen.B
MalwarebytesGeneric.Trojan.Malicious.DDS
PandaTrj/Genetic.gen
ZonerTrojan.Win32.70598
ESET-NOD32Win32/VB.ORD
TrendMicro-HouseCallTSPY_LUDBARUMA_BK083EDB.TOMC
TencentTrojan-Ransom.Win32.Blocker.kalr
YandexTrojan.GenAsa!3Dzo+yWZn14
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_100%
FortinetW32/Regrun.PKE!tr
AVGWin32:Emotet-AI [Trj]
CrowdStrikewin/malicious_confidence_100% (D)
MaxSecureTrojan-Ransom.Win32.Blocker.kpuo

How to remove Worm.Ludbaruma.A3?

Worm.Ludbaruma.A3 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment