How to remove “Worm.Win32.Vobfus.erzq”?

Worm.Win32.Vobfus.erzq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm.Win32.Vobfus.erzq virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm.Win32.Vobfus.erzq?

File Info:

name: AC1A191DCAFF3790BC09.mlw
path: /opt/CAPEv2/storage/binaries/08f8cc2a5f19b74dfbe84219fc1141e473b399b0f9ab79cb5abe121e4d89b40e
crc32: DF1A90A7
md5: ac1a191dcaff3790bc094c58f732fed1
sha1: 4938f0d7d81c7c44e50c3096bd2b5e14ea5166e7
sha256: 08f8cc2a5f19b74dfbe84219fc1141e473b399b0f9ab79cb5abe121e4d89b40e
sha512: e76f47a98ddf608c5c60a468ad71446cf1082e0d4486a86ec756c6407e122b0c2eb9efdd1575796aecce60b1e8bc0a499171567539167ec5bed5be668b6fb518
ssdeep: 3072:VjIMSAO/Mcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjYJC:Z770Fy1imdJgc4s2QRhH5IXF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC347425A3D0FB3DE860C6F82944469048AAEE3768D2AC17F6D15B1677B1E47F220773
sha3_384: c65c1ce2f2f846e1875d90a576a169ad62f47a86c7b2040dbaf4f90efe98456f79cc795972e2c6ba233f50fecf2b23ea
ep_bytes: 68cc4e4000e8eeffffff000000000000
timestamp: 2012-06-07 20:29:37

Version Info:

Translation: 0x0409 0x04b0
Comments: Predefeat Causal
CompanyName: Denominava copyrightable oblongly
FileDescription: esthesiogen
LegalCopyright: presignificator ugualmente
LegalTrademarks: Antibishop dysphoric
ProductName: Smit tautonymic
FileVersion: 5.03
ProductVersion: 5.03
InternalName: kmhjkzccda
OriginalFilename: kmhjkzccda.exe

Worm.Win32.Vobfus.erzq is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBInject.11
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Gen:Variant.VBInject.11
Cylance: Unsafe
Sangfor: VISUAL BASIC4
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
Baidu: Win32.Trojan.VBObfus.f
VirIT: Trojan.Win32.SHeur4.AHKR
Cyren: W32/Vobfus.BE.gen!Eldorado
ESET-NOD32: Win32/Pronny.AZ
APEX: Malicious
ClamAV: Win.Trojan.Meredrop-313
Kaspersky: Worm.Win32.Vobfus.erzq
BitDefender: Gen:Variant.VBInject.11
NANO-Antivirus: Trojan.Win32.Diple.cmtitq
ViRobot: Trojan.Win32.A.Diple.249856.K
Avast: Win32:Agent-AZYN [Trj]
Rising: Trojan.VB!1.99F7 (CLASSIC)
Ad-Aware: Gen:Variant.VBInject.11
Emsisoft: Gen:Variant.VBInject.11 (B)
Comodo: Worm.Win32.Pronny.AK@4ogvoo
DrWeb: Trojan.VbCrypt.60
TrendMicro: WORM_VOBFUS.SMJY
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.ac1a191dcaff3790
Sophos: ML/PE-A + Mal/VBCheMan-J
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.VBInject.11
Jiangmin: Trojan/Vbobf.b
Avira: TR/Kazy.JH.75176
MAX: malware (ai score=82)
Arcabit: Trojan.VBInject.11
SUPERAntiSpyware: Trojan.Agent/Gen-Viber
ZoneAlarm: Worm.Win32.WBNA.ipa
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Diple.R27304
McAfee: VBObfus.da
TACHYON: Worm/W32.Vobfus.249856.C
VBA32: BScope.Trojan.Diple
Malwarebytes: Malware.AI.3791673884
TrendMicro-HouseCall: WORM_VOBFUS.SMJY
Tencent: Worm.Win32.Vobfus.n
Yandex: Trojan.GenAsa!HAD4hoZ4OnY
Ikarus: Worm.Win32.WBNA
MaxSecure: Trojan.Diple.fjlj
Fortinet: W32/VBKrypt.C!tr
BitDefenderTheta: Gen:NN.ZevbaF.34712.pm0@amoVe!ji
AVG: Win32:Agent-AZYN [Trj]
Cybereason: malicious.dcaff3
Panda: W32/Vobfus.GEW.worm

How to remove Worm.Win32.Vobfus.erzq?

Worm.Win32.Vobfus.erzq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
