Worm

Worm.Win32.VBNA.aitt removal instruction

Malware Removal

The Worm.Win32.VBNA.aitt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Worm.Win32.VBNA.aitt virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Worm.Win32.VBNA.aitt?



File Info:

name: E549B7BBF339568A67C0.mlw
path: /opt/CAPEv2/storage/binaries/56ca85e74393f431be89d1eb15ec659a514be22a84c9689f3a0c89fccdc12a3c
crc32: 45BFE0E9
md5: e549b7bbf339568a67c053ffdc617b0d
sha1: 5191e39e90f99da7397dca03712c1f29b43eeadc
sha256: 56ca85e74393f431be89d1eb15ec659a514be22a84c9689f3a0c89fccdc12a3c
sha512: daa2ca57a719192a3b020f6e8b5be4e41952c33fa121dfc80dd81f761b21b8e4ba28fff5734a775f3e437a0caeabe361ca2c4ccc5c6006a96cceaac691f91a97
ssdeep: 1536:GNcgoNQY1ObCYUXhXAXzXakcUckn98kMEW73:zRG0kcUckn98kMEQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12A43716EFE05144BD60D6A313E67CA9F1EB364CE2F4F1A87251873789D36E103825A1B
sha3_384: 7c00a635ef849200c12d847b66e7f57df6b6ffccf732e751f6f6e3afede2fb7a6a5b687cbf682d814f8719c069dca605
ep_bytes: 6874124000e8eeffffff000040000000
timestamp: 2010-07-08 11:37:18


Version Info:

Translation: 0x0409 0x04b0
ProductName: u
FileVersion: 1.47
ProductVersion: 1.47
InternalName: XXqAJjIG
OriginalFilename: XXqAJjIG.exe

Worm.Win32.VBNA.aitt also known as:

BkavW32.AIDetectMalware
LionicWorm.Win32.VBNA.lmeS
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGeneric.mg.e549b7bbf339568a
CAT-QuickHealWorm.VBNA.gen
SkyhighBehavesLike.Win32.VBObfus.qm
McAfeeDownloader-CJX.d
Cylanceunsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( f1000d011 )
AlibabaWorm:Win32/vobfus.1030
K7GWTrojan ( f1000d011 )
ArcabitTrojan.Midie.DEA01
BaiduWin32.Worm.VB.as
VirITWorm.Win32.VB.12.O
SymantecW32.Changeup
ESET-NOD32Win32/AutoRun.VB.RD
APEXMalicious
ClamAVWin.Trojan.VB-1146
KasperskyWorm.Win32.VBNA.aitt
BitDefenderGen:Variant.Midie.59905
NANO-AntivirusTrojan.Win32.Inject.covlpb
MicroWorld-eScanGen:Variant.Midie.59905
AvastWin32:VB-PQX [Wrm]
TencentWorm.Win32.VBNA.hew
EmsisoftGen:Variant.Midie.59905 (B)
F-SecureWorm:W32/Vobfus.AX
DrWebTrojan.Inject.8955
VIPREGen:Variant.Midie.59905
TrendMicroWORM_ESFURY.SMA
Trapminemalicious.high.ml.score
SophosW32/Autorun-BFG
SentinelOneStatic AI – Malicious PE
WebrootW32.Obfuscated.Gen
VaristW32/Vobfus.I.gen!Eldorado
AviraTR/Dldr.Gaat.A
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.1000
XcitiumTrojWare.Win32.VB.SWA@527lh3
MicrosoftWorm:Win32/Vobfus.R
ZoneAlarmWorm.Win32.VBNA.aitt
GDataGen:Variant.Midie.59905
GoogleDetected
AhnLab-V3Win32/Vbna4.worm.Gen
ALYacGen:Variant.Midie.59905
MAXmalware (ai score=87)
VBA32Worm.VBNA
MalwarebytesGeneric.Malware.AI.DDS
PandaW32/Vobfus.EQ
TrendMicro-HouseCallWORM_ESFURY.SMA
RisingWorm.VobfusEx!1.99EB (CLASSIC)
YandexTrojan.GenAsa!9Rfy1WXFFUs
IkarusWorm.Win32.Vobfus
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Injector.ADYA!tr
BitDefenderThetaAI:Packer.4AF00E1E20
AVGWin32:VB-PQX [Wrm]
DeepInstinctMALICIOUS
alibabacloudTrojan.Win.UnkAgent

How to remove Worm.Win32.VBNA.aitt?

Worm.Win32.VBNA.aitt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment