How to remove “Worm.Win32.Vobfus.efkf”?

Worm.Win32.Vobfus.efkf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.Vobfus.efkf virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Worm.Win32.Vobfus.efkf?

File Info:

name: 0D6B71AE78CD97CB627B.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-07-25 03:18:34

Version Info:

0: [No Data]

Worm.Win32.Vobfus.efkf also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.low6
Elastic: malicious (high confidence)
DrWeb: Trojan.VbCrypt.60
MicroWorld-eScan: Gen:Variant.Barys.2263
FireEye: Generic.mg.0d6b71ae78cd97cb
CAT-QuickHeal: Worm.VobfusVMF.S20098470
Skyhigh: BehavesLike.Win32.Generic.dm
McAfee: VBObfus.bu
Cylance: unsafe
Zillya: Worm.Vobfus.Win32.1515078
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Malware:Win32/km_2faa.None
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36804.pqW@aeyZgzni
VirIT: Trojan.Win32.SHeur4.GCR
Symantec: W32.Changeup
tehtris: Generic.Malware
ESET-NOD32: Win32/AutoRun.VB.AON
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Avast: Win32:Virtu-F [Inf]
ClamAV: Win.Worm.VB-1514
Kaspersky: Worm.Win32.Vobfus.efkf
BitDefender: Gen:Variant.Barys.2263
NANO-Antivirus: Trojan.Win32.VB.mjxgo
Tencent: Worm.Win32.Vobfus.n
Emsisoft: Gen:Variant.Barys.2263 (B)
F-Secure: Trojan.TR/Otran.allue
Baidu: Win32.Worm.VB.pw
VIPRE: Gen:Variant.Barys.2263
TrendMicro: WORM_VOBFUS.SMAB
Trapmine: malicious.high.ml.score
Sophos: W32/Autorun-BTQ
Paloalto: generic.ml
MAX: malware (ai score=84)
Google: Detected
Avira: TR/Otran.allue
Varist: W32/Vobfus.AA.gen!Eldorado
Antiy-AVL: Virus/Win64.Expiro.rsrc
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Vobfus
Xcitium: Worm.Win32.VB.AUA@4o7zkg
Arcabit: Trojan.Barys.D8D7
ZoneAlarm: Worm.Win32.Vobfus.efkf
GData: Gen:Variant.Barys.2263
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Diple.R15226
Acronis: suspicious
VBA32: BScope.Trojan.Diple
ALYac: Gen:Variant.Barys.2263
TACHYON: Trojan/W32.Agent.253952.C
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/Vobfus.GEP.worm
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!d6yKmr78f/w
Ikarus: Worm.Win32.AutoRun
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.F
AVG: Win32:Virtu-F [Inf]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.6508cdfd

How to remove Worm.Win32.Vobfus.efkf?

Worm.Win32.Vobfus.efkf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
