Worm.Win32.VBNA.arxw removal tips

Worm.Win32.VBNA.arxw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.VBNA.arxw virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm.Win32.VBNA.arxw?

File Info:

name: 50A1A23430F164823669.mlw
path: /opt/CAPEv2/storage/binaries/56447be167f6025f6a35e624ef5f20637f28b1074cd061f4d73a904750b8797b
crc32: 706ABEE7
md5: 50a1a23430f1648236692c8f54bc8781
sha1: 391be37f75679a21124d9918383459598ddcd2ed
sha256: 56447be167f6025f6a35e624ef5f20637f28b1074cd061f4d73a904750b8797b
sha512: 5fe36c80dc42883f63eced021eb6a8e48d5eef5b9a6934fd433ee1c7da2a6897a99d2325ec74ee203610cb9039f671d3f1a95f982a7ba5b81541d05cad16f51e
ssdeep: 6144:9pco961DifkpJFhSpe/+Ij7NweeJEKlJ85eg/0ISDhfq:9pc+6RisJXKIj3e6Rvd/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E8242E54B38099BBF4B08DFAA7A50353009C5D38A9C57213F3C99B1A7579CE682707EB
sha3_384: 47ad9858b62769798b67c78db918cf649429358252bd69fc83254a142fd8146d5ea188a0954541b8a2688c7a82edd69e
ep_bytes: 68d03d4000e8f0ffffff000000000000
timestamp: 2011-03-04 03:50:08

Version Info:

Translation: 0x0409 0x04b0
ProductName: bETSQXOuyoBOvRCvHk
FileVersion: 4.40
ProductVersion: 4.40
InternalName: drZAfvtL
OriginalFilename: drZAfvtL.exe

Worm.Win32.VBNA.arxw also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Symmi.86696
FireEye: Generic.mg.50a1a23430f16482
CAT-QuickHeal: Worm.VbnaVMF.S19741000
McAfee: VBObfus.g
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.430f16
BitDefenderTheta: AI:Packer.D001F01920
VirIT: Worm.Win32.VBNA.ARXW
Cyren: W32/Vobfus.P.gen!Eldorado
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ABZ
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.VBNA.arxw
BitDefender: Gen:Variant.Symmi.86696
NANO-Antivirus: Trojan.Win32.VB.cojabz
SUPERAntiSpyware: Trojan.Agent/Gen-ZBot
Avast: Win32:VB-RUG [Wrm]
Emsisoft: Gen:Variant.Symmi.86696 (B)
Baidu: Win32.Worm.VB.tn
F-Secure: Trojan.TR/Kazy.14392.19
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Symmi.86696
TrendMicro: WORM_VBNA.SMTJ
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
Sophos: Mal/SillyFDC-M
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Symmi.86696
Google: Detected
Avira: TR/Kazy.14392.19
MAX: malware (ai score=81)
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.Symmi.D152A8
ZoneAlarm: Worm.Win32.VBNA.arxw
Microsoft: Worm:Win32/Vobfus.gen!F
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.VBKrypt.R3426
VBA32: Trojan.VB.01301
ALYac: Gen:Variant.Symmi.86696
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VBNA.SMTJ
Rising: Worm.Autorun!8.50 (TFE:3:EBRTs3XFnC)
Yandex: Trojan.GenAsa!39zTfSj+If8
Ikarus: Trojan.Win32.Genome
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.CA!tr
AVG: Win32:VB-RUG [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Worm.Win32.VBNA.arxw?

Worm.Win32.VBNA.arxw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
