Worm.Win32.Vobfus.dfdb removal

The Worm.Win32.Vobfus.dfdb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Win32.Vobfus.dfdb virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Worm.Win32.Vobfus.dfdb?

File Info:

name: 1C1C551F9810FBCD28B0.mlw
path: /opt/CAPEv2/storage/binaries/b123a4a75212df1f9ac4fb2ced44e9c6041feffb34865ed68938d745b8743b50
crc32: 319B6F9B
md5: 1c1c551f9810fbcd28b0a54b1ea85aa0
sha1: ee7237a3b3323f1bee3b45d1b4550e1f799f94f4
sha256: b123a4a75212df1f9ac4fb2ced44e9c6041feffb34865ed68938d745b8743b50
sha512: c9cd0b49bcb7b7fe66307ab0237cb6644e42d4b35ad82dcefccc975463aba377d093b0d3a2525c54a1ef6bf1e31ae9beb75d14ac50a1e534aecf8c30ce32c402
ssdeep: 6144:n55hk3vnS/Gi+YdQEp9szHR8uBAoE0EOIp5Jlu:Dhk3vnS/Gi+YdQEp9szHR8uBAotSfu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FA34C63DB2A0A73EE425D6F52C998399005EAD3615D4E84BF7C22B1976F0DE38231793
sha3_384: eabcd7e0b2863ec01dac5ce00c83e80c5738f8c1fed0e263ec7000399cde51d0d541b099821535bbd0bf3e491e4ce373
ep_bytes: 68fc4a4000e8eeffffff000000000000
timestamp: 2012-02-06 20:53:01

Version Info:

Translation: 0x0409 0x04b0
ProductName: HWQzzO
FileVersion: 1.00
ProductVersion: 1.00
InternalName: aBJYgq
OriginalFilename: aBJYgq.exe

Worm.Win32.Vobfus.dfdb also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Chinky.7
FireEye: Generic.mg.1c1c551f9810fbcd
CAT-QuickHeal: Trojan.Beebone.D
McAfee: VBObfus.df
ALYac: Gen:Variant.Chinky.7
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Chinky.7
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.Zyx.HW
Symantec: W32.Changeup
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.VB.ARU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.dfdb
BitDefender: Gen:Variant.Chinky.7
NANO-Antivirus: Trojan.Win32.WBNA.csfhkf
Avast: Win32:VB-ABBN [Trj]
Emsisoft: Gen:Variant.Chinky.7 (B)
F-Secure: Trojan.TR/Chinky.70993
DrWeb: Trojan.VbCrypt.81
TrendMicro: WORM_VOBFUS.SMAB
Trapmine: suspicious.low.ml.score
Sophos: Mal/ZboCheMan-B
SentinelOne: Static AI – Malicious PE
Avira: TR/Chinky.70993
MAX: malware (ai score=82)
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.999
Xcitium: Worm.Win32.Pronny.AK@4ogvoo
Arcabit: Trojan.Chinky.7
ViRobot: Worm.Win32.A.WBNA.241664.JY
ZoneAlarm: Worm.Win32.Vobfus.dfdb
GData: Gen:Variant.Chinky.7
Varist: W32/Vobfus.AI.gen!Eldorado
AhnLab-V3: Worm/Win32.WBNA.R20484
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZevbaF.36802.om0@aaorsCji
TACHYON: Worm/W32.Vobfus.241664.B
VBA32: BScope.Malware-Cryptor.VBCR.7212
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!Gd8K7rB2haM
Ikarus: Trojan.Win32.Otran
Fortinet: W32/VB.AZGU!tr
AVG: Win32:VB-ABBN [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan.Win.UnkAgent

How to remove Worm.Win32.Vobfus.dfdb?

Worm.Win32.Vobfus.dfdb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.