Worm

Worm:Win32/Autorun!VW information

Malware Removal

The Worm:Win32/Autorun!VW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Worm:Win32/Autorun!VW virus can do?

  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

How to determine Worm:Win32/Autorun!VW?



File Info:

crc32: 1AB50546
md5: 28790b9a32f2d013b7f49a7e85c6ca85
name: 28790B9A32F2D013B7F49A7E85C6CA85.mlw
sha1: 8231a6d6acc8978059192685bd141fa39fb4a2b9
sha256: b6adb9d41dee2eddd95aeb5952a708f5cce8bd162cd40f11d79ac58978031c9a
sha512: ae192210ee4ea2380053bcc3d7b53598d33b613008ec63f13e5ba04908ba193eb328dd64477e8da7502773ac3e7a962fc661ff6db837e5a2e1235a0818fbdf03
ssdeep: 6144:FW0Tva/M5iBcHMBUPVI9Q3SBMi5/EAy/wkTWmtfeZMp7YM4YqD:FJoM5iBcHMBoVIiTAkw4WmtWZMI
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: xffa9 Microsoft Corporation. All rights reserved.
InternalName: winlogon
FileVersion: 6.1.7600.16385
CompanyName: Microsoft Corporation
PrivateBuild: WINLOGON.EXE.MUI
LegalTrademarks: xffa9 Microsoft Corporation. All rights reserved.
Comments:                                                                                                                                                                                                                                                                    
ProductName: Microsoftxffae Windowsxffae Operating System
SpecialBuild: 6.1.7600.16385
ProductVersion: 6.1.7600.16385
FileDescription: Windows Logon Application
OriginalFilename: WINLOGON.EXE.MUI
Translation: 0x0409 0x04b0

Worm:Win32/Autorun!VW also known as:

BkavW32.AIDetect.malware2
K7AntiVirusTrojan ( 003f46bb1 )
LionicTrojan.Win32.Blocker.tppy
Elasticmalicious (high confidence)
DrWebTrojan.DownLoader8.6947
CAT-QuickHealTrojan.Small.gen
ALYacGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig
CylanceUnsafe
ZillyaTrojan.Blocker.Win32.14824
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
K7GWTrojan ( 003f46bb1 )
Cybereasonmalicious.a32f2d
CyrenW32/SmallDl.F.gen!Eldorado
SymantecDownloader
ESET-NOD32a variant of Win32/Rodecap.BA
APEXMalicious
AvastWin32:Rodecap-G [Cryp]
CynetMalicious (score: 100)
KasperskyTrojan-Ransom.Win32.Blocker.ahio
BitDefenderGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig
NANO-AntivirusTrojan.Win32.Blocker.cszdni
MicroWorld-eScanGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig
TencentMalware.Win32.Gencirc.10b413de
Ad-AwareGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig
SophosMal/Generic-S + Mal/Qbot-P
BitDefenderThetaGen:NN.ZexaF.34790.Cu0@ayq97Uei
VIPRETrojan.Win32.Small.bhn (v)
TrendMicroWORM_AUTORUN_GG3109E2.UVPM
McAfee-GW-EditionBehavesLike.Win32.Generic.gh
FireEyeGeneric.mg.28790b9a32f2d013
EmsisoftGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojan.Blocker.omv
WebrootW32.Small.Bhn
AviraTR/Crypt.XPACK.Gen5
Antiy-AVLTrojan/Generic.ASMalwS.17BBB0
MicrosoftWorm:Win32/Autorun.gen!VW
GDataGen:Heur.Mint.Porcupine.Cu0@ayq97Ueig
TACHYONTrojan/W32.Blocker.470016.B
AhnLab-V3Trojan/Win32.Small.R46937
Acronissuspicious
McAfeeGenericRXFD-JK!28790B9A32F2
MAXmalware (ai score=99)
VBA32BScope.Trojan.Downloader
MalwarebytesMalware.AI.3688521299
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_AUTORUN_GG3109E2.UVPM
RisingTrojan.Rodecap!1.AEDF (CLASSIC)
YandexTrojan.Blocker!DOIf+3y1JBM
IkarusTrojan.Win32.Small
FortinetW32/Rodecap.BA!tr
AVGWin32:Rodecap-G [Cryp]
Paloaltogeneric.ml
Qihoo-360Win32/Ransom.Blocker.HgIASOYA

How to remove Worm:Win32/Autorun!VW?

Worm:Win32/Autorun!VW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment