Worm.Ludbaruma.B (B) removal instruction

Many security experts consider Worm.Ludbaruma.B (B) dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Ludbaruma.B (B) virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Attempts to identify installed AV products by installation directory
  • Detects VirtualBox through the presence of a registry key
  • Attempts to disable System Restore
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

z.whorecord.xyz
a.tomx.xyz
redirector.gvt1.com
r3—sn-4g5ednsd.gvt1.com
update.googleapis.com

How to identify Worm.Ludbaruma.B (B)?

File Info:

crc32: 770E8BD2
md5: aa1f878d33034b03c4908a32f901a049
name: AA1F878D33034B03C4908A32F901A049.mlw
sha1: a0d622a58bc2f5c4e072c6469d5c68dbd913f749
sha256: f17071e48e8fa62e97ea78ae413d8fdf4d932befbe7ae64070dccc8e6af246c6
sha512: 2b36e22705a713189168f2d5aaf22dde08d9d7b4e3a9574b12eba2fc095a4d2f32983f746c9a38227d08bec79f329d23cdd961c051a76b705e57f068107813d5
ssdeep: 3072:aOTKYm1IIvpoutNTxZVX4/awxfodLJUBv9Bsor1rHjhMU9npQQpmuG:av1/oSNRARoYlld9n2Qpmx
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

Translation: 0x0409 0x04b0
InternalName: DATA
FileVersion: 0.00.0020
CompanyName: Oncom
ProductName: xk
ProductVersion: 0.00.0020
OriginalFilename: DATA.exe

Worm.Ludbaruma.B (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Worm.Ludbaruma.B
Cylance: Unsafe
VIPRE: Worm.Win32.Ludbaruma.a (v)
Sangfor: Ransom.Win32.Foreign_33.se
K7AntiVirus: Trojan ( 0040f6141 )
K7GW: P2PWorm ( 0050fa4b1 )
Cybereason: malicious.d33034
Baidu: Win32.Worm.VB.k
Symantec: W32.Cridex.B
APEX: Malicious
Avast: Win32:WormX-gen [Wrm]
ClamAV: Win.Trojan.Generic-6333842-0
NANO-Antivirus: Trojan.Win32.Regrun.dxtouo
ViRobot: Worm.Win32.Ludbaruma.Gen.A
AegisLab: Trojan.Win32.Regrun.tp0f
Ad-Aware: Worm.Ludbaruma.B
Emsisoft: Worm.Ludbaruma.B (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Regrun.gd
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan[Ransom]/Win32.Blocker
SUPERAntiSpyware: Worm.Ludbaruma/Variant
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.IRCBot.R1456
Acronis: suspicious
TACHYON: Trojan/W32.VB-Ludbaruma.Zen.C
Malwarebytes: Generic.Trojan.Malicious.DDS
Zoner: Trojan.Win32.67180
Yandex: Worm.VB!HEGRpdilMuI
MAX: malware (ai score=100)
Fortinet: W32/Regrun.PKE!tr
AVG: Win32:WormX-gen [Wrm]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.Ransom.624

How to remove Worm.Ludbaruma.B (B)?

Worm.Ludbaruma.B (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.