What is "Worm.Win32.Vobfus.dhos"?

The Worm.Win32.Vobfus.dhos is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm.Win32.Vobfus.dhos virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
A process attempted to delay the analysis task.
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a slightly modified copy of itself
Anomalous binary characteristics
Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

ns1.player1253.com

ns1.videoall.net

ns1.mediashares.org

How to determine Worm.Win32.Vobfus.dhos?


File Info:
crc32: 3D5B7F3F
md5: b944d90da74b819efedf789cedb9c848
name: B944D90DA74B819EFEDF789CEDB9C848.mlw
sha1: 798a16bbe0100542642e32b942aeb863c0da1027
sha256: 7d7361f1675479ff9088ad2039d918c1ea44e54c53ad1b19ed312502e7b10bed
sha512: 01053ddfe94bd216e37380f18b98e3c7a007c2aae3d67dbe7ea72f9bbf99facaa5a3fbb24614c953ae2717017e866e133fcda4062184bdbc75cf3788863e04dd
ssdeep: 3072:Zl04lgYg9bVtgfzFHfzb51QRPr8GDi1B:ZlFg59joFJyr8Gu
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: XKlje6904
FileVersion: 4.61
CompanyName: XKlje6904
ProductName: XKlje82
ProductVersion: 4.61
OriginalFilename: XKlje6904.exe

Worm.Win32.Vobfus.dhos also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.VBKrypt.23
FireEye	Generic.mg.b944d90da74b819e
Qihoo-360	HEUR/QVM03.0.08BC.Malware.Gen
McAfee	Downloader-CJX.gen.o
Malwarebytes	Generic.Trojan.Malicious.DDS
SUPERAntiSpyware	Trojan.Agent/Gen-Trafog
K7AntiVirus	Trojan-Downloader ( 001ff72a1 )
K7GW	Trojan-Downloader ( 001ff72a1 )
Cybereason	malicious.da74b8
Baidu	Win32.Worm.AutoRun.cj
Cyren	W32/VB.BR.gen!Eldorado
Symantec	W32.Changeup!gen10
TotalDefense	Win32/Vobfus.I!generic
APEX	Malicious
Avast	Win32:VB-QRI [Drp]
ClamAV	Win.Trojan.Changeup-6169544-0
Kaspersky	Worm.Win32.Vobfus.dhos
BitDefender	Gen:Variant.VBKrypt.23
NANO-Antivirus	Trojan.Win32.Autoruner.coonjn
ViRobot	Trojan.Win32.A.VBKrypt.258048.CN
Ad-Aware	Gen:Variant.VBKrypt.23
Emsisoft	Gen:Variant.VBKrypt.23 (B)
Comodo	Worm.Win32.VB.YK@4on2wz
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Win32.HLLW.Autoruner.42131
VIPRE	Trojan.Win32.Vobfus.a (v)
TrendMicro	WORM_VBNA.SMTB
McAfee-GW-Edition	BehavesLike.Win32.Downloader.dm
Sophos	ML/PE-A + Mal/SillyFDC-I
SentinelOne	Static AI – Malicious PE – Worm
GData	Gen:Variant.VBKrypt.23
Jiangmin	Trojan/Generic.arygj
Avira	TR/Dropper.Gen
Antiy-AVL	Worm/Win32.WBNA.gen
Arcabit	Trojan.VBKrypt.23
ZoneAlarm	Worm.Win32.Vobfus.dhos
Microsoft	Worm:Win32/Vobfus.gen!E
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VBKrypt.R2546
Acronis	suspicious
BitDefenderTheta	AI:Packer.34FBDFFB20
ALYac	Gen:Variant.VBKrypt.23
TACHYON	Trojan/W32.VB-Krypt.258048
VBA32	Trojan.VBRA.07070
ESET-NOD32	Win32/AutoRun.VB.YK
TrendMicro-HouseCall	WORM_VBNA.SMTB
Rising	Worm.Agent!1.D163 (CLASSIC)
Yandex	Trojan.GenAsa!kzGc1bM1Y3c
MAX	malware (ai score=88)
Fortinet	W32/AutoRun.XM!worm
AVG	Win32:VB-QRI [Drp]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Worm.Win32.Vobfus.dhos?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Worm.Win32.Vobfus.dhos”?