Should I remove “Worm.Win32.Vobfus.ersn”?

Worm.Win32.Vobfus.ersn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Win32.Vobfus.ersn virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm.Win32.Vobfus.ersn?


File Info:

name: E1DA8CCDBE09CFC313DA.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-08-20 00:55:18

Version Info:

Translation: 0x0409 0x04b0
ProductName: xxOAndsbeQAlOpF
FileVersion: 1.00
ProductVersion: 1.00
InternalName: bNetfKMhrNThQMXzij
OriginalFilename: bNetfKMhrNThQMXzij.exe

Worm.Win32.Vobfus.ersn also known as:

Bkav: W32.AIDetectMalware
DrWeb: Trojan.VbCrypt.60
MicroWorld-eScan: Trojan.GenericKDZ.83630
FireEye: Generic.mg.e1da8ccdbe09cfc3
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Trojan.GenericKDZ.83630
Malwarebytes: Generic.Worm.AutoRun.DDS
VIPRE: Trojan.GenericKDZ.83630
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.dbe09c
BitDefenderTheta: AI:Packer.E8419DD61F
VirIT: Trojan.Win32.SHeur3.CHRJ
Cyren: W32/S-43739e52!Eldorado
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.VB.AHJ
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.ersn
BitDefender: Trojan.GenericKDZ.83630
NANO-Antivirus: Trojan.Win32.WBNA.covkiz
Avast: Win32:Vitro [Inf]
Tencent: Worm.Win32.Vobfus.fe
Emsisoft: Trojan.GenericKDZ.83630 (B)
F-Secure: Trojan.TR/Patched.Ren.Gen
Baidu: Win32.Worm.Pronny.d
TrendMicro: WORM_VOBFUS.SMHE
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.ct
Trapmine: malicious.high.ml.score
Sophos: Mal/SillyFDC-T
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKDZ.83630
Google: Detected
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.WBNA.BUL@4mk1d5
Arcabit: Trojan.Generic.D146AE
ZoneAlarm: Worm.Win32.Vobfus.ersn
Microsoft: Worm:Win32/Vobfus.CS
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.VBKrypt.R117465
Acronis: suspicious
McAfee: VBObfus.g
TACHYON: Trojan/W32.VB-Krypt.176128.C
VBA32: TScope.Trojan.VB
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMHE
Rising: Worm.Win32.WBNA.h (CLASSIC)
Yandex: Trojan.GenAsa!wxeafdy0FYg
Ikarus: Trojan.Diple
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.G!tr
AVG: Win32:Vitro [Inf]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Worm.Win32.Vobfus.ersn?

Worm.Win32.Vobfus.ersn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
