Worm.VB removal guide

Worm.VB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.VB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Worm.VB?


File Info:

name: F96746DC51EF80A653FD.mlw
path: /opt/CAPEv2/storage/binaries/fdedf216304f3283adc03f4bf12baa5697ee522cf0b38435d3b0fadc8d74147b
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-02-24 21:27:00

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: AcroTextExtractor
FileVersion: 21.1.20142.424128
LegalCopyright: Copyright 1984-2021 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename: AcroTextExtractor.exe
ProductName: Adobe Acrobat text extractor for non-PDF files
ProductVersion: 21.1.20142.424128
Translation: 0x0409 0x04b0

Worm.VB also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Fugrafa.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fugrafa.213388
FireEye: Gen:Variant.Fugrafa.213388
McAfee: Artemis!F96746DC51EF
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Variant.Fugrafa.213388
Cyren: W32/Fugrafa.AB.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Rising: Worm.VB!1.DA41 (CLOUD)
Ad-Aware: Gen:Variant.Fugrafa.213388
Emsisoft: Gen:Variant.Fugrafa.213388 (B)
McAfee-GW-Edition: BehavesLike.Win32.Autorun.vm
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Microsoft: Trojan:Win32/Wacatac.B!ml
Gridinsoft: Ransom.Win32.Wacatac.sa
GData: Win32.Trojan.PSE.136NMWS
VBA32: Worm.VB
ALYac: Gen:Variant.Fugrafa.213388
Malwarebytes: Malware.AI.3696146603
TrendMicro-HouseCall: TROJ_GEN.R03BH0CAB22
Yandex: Trojan.Agent!vGmSoUnC6tc
MAX: malware (ai score=81)
Fortinet: W32/Fugrafa.A069!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Worm.VB?

Worm.VB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.