Worm.Win32.Vobfus.eryf removal instructions

Worm.Win32.Vobfus.eryf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Win32.Vobfus.eryf virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Worm.Win32.Vobfus.eryf?


File Info:

name: 0FDEA9C9850484A5C221.mlw
path: /opt/CAPEv2/storage/binaries/4295166c1843f8814e1ec4d0d2ae42904ea4e5d03804fc55a3c5ac90d07e686d
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-06-19 07:43:48

Version Info:

Translation: 0x0409 0x04b0
Comments: Papillitis
CompanyName: Protostegidae Ejection
FileDescription: Fuye Actinocutitis
LegalCopyright: Seymour pseudolateral Reichsland
LegalTrademarks: Inexhaustibly palingenic
ProductName: Somatization ripiegasti
FileVersion: 6.05
ProductVersion: 6.05
InternalName: kcgtsqgx
OriginalFilename: kcgtsqgx.exe

Worm.Win32.Vobfus.eryf is also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.luev
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.769
ClamAV: Win.Trojan.Changeup-6169544-0
FireEye: Generic.mg.0fdea9c9850484a5
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.cm
McAfee: GenDownloader.oq
Cylance: unsafe
Zillya: Worm.Vobfus.Win32.1236398
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Worm:Win32/Vobfus.45483058
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.13409e
BitDefenderTheta: AI:Packer.8C6F0C1A20
VirIT: Trojan.Win32.Generic.ABKN
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.AWV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.eryf
BitDefender: Gen:Variant.Symmi.769
NANO-Antivirus: Trojan.Win32.WBNA.cmtiuh
SUPERAntiSpyware: Trojan.Agent/Gen-Vban
Avast: Win32:VB-ADKF [Trj]
Tencent: Worm.Win32.Vobfus.n
TACHYON: Worm/W32.Vobfus.184320.C
Sophos: W32/Autorun-BXZ
Baidu: Win32.Trojan.VBObfus.f
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Symmi.769
TrendMicro: WORM_VOBFUS.SMIV
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Symmi.769 (B)
Ikarus: Trojan.Win32.Meredrop
GData: Gen:Variant.Symmi.769
Jiangmin: Trojan/Vbobf.b
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.VB.AUA@4o7zkg
Arcabit: Trojan.Symmi.769
ViRobot: Worm.Win32.A.WBNA.184320.K
ZoneAlarm: Worm.Win32.Vobfus.eryf
Microsoft: Worm:Win32/Vobfus!pz
Varist: W32/Vobfus.BE.gen!Eldorado
AhnLab-V3: Worm/Win32.WBNA.R28275
Acronis: suspicious
VBA32: BScope.Trojan.VB.Onechki
ALYac: Gen:Variant.Symmi.769
MAX: malware (ai score=88)
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/Vobfus.GEW.worm
TrendMicro-HouseCall: WORM_VOBFUS.SMIV
Rising: Worm.Autorun!8.50 (TFE:5:lDL8jlgcPOU)
Yandex: Trojan.GenAsa!voQa7MUqIZQ
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
AVG: Win32:VB-ADKF [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Worm.Win32.Vobfus.eryf?

Worm.Win32.Vobfus.eryf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
