Worm:Win32/Rebhip.T removal instructions

Worm:Win32/Rebhip.T is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Rebhip.T virus do?

  • Executable code extraction
  • Unconventional language used in binary resources: Spanish (Modern)
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Worm:Win32/Rebhip.T?

File Info:

crc32: 47A2EF5B
md5: db4f85ebcb091aaad46567ef408f74f8
name: DB4F85EBCB091AAAD46567EF408F74F8.mlw
sha1: 8547fd87886f770f474edd4335ef08d28367e009
sha256: 0f0ecb05a0915ed5ebc0387f316d6a55c55dbd9461f00cc2cc52dfebaf949b5e
sha512: 22ed6cd9b9df86c2dce0293010bf61e6e6970cd88a511597c4c487f90e65a548d2ebc3a0f14e89f0cc10cde311691b486ab2af4c3e665f59863526d4f1582607
ssdeep: 6144:d2TTIM4i2pccccwIlPDHa07C2Nh9KZoQZyl6j1JAZ5:7M526IVHa07C2A+nWa
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: blablablablaa
FileVersion: 1.00
CompanyName: PlAyMoBiLxD
ProductName: ZoOk
ProductVersion: 1.00
OriginalFilename: blablablablaa.exe
Translation: 0x0c0a 0x04b0

Worm:Win32/Rebhip.T also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005700171 )
Elastic: malicious (high confidence)
DrWeb: Trojan.VbCrypt.250
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.858975
Cylance: Unsafe
Zillya: Trojan.Ruftar.Win32.6140
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 005700171 )
Cybereason: malicious.bcb091
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.SRS
APEX: Malicious
Avast: Win32:VBCrypt-AVO [Trj]
ClamAV: Win.Trojan.Agent-413583
Kaspersky: Trojan-PSW.Win32.Ruftar.ptu
BitDefender: Gen:Variant.Razy.858975
NANO-Antivirus: Trojan.Win32.Ruftar.cojbml
ViRobot: Trojan.Win32.A.PSW-Ruftar.57644
MicroWorld-eScan: Gen:Variant.Razy.858975
Tencent: Malware.Win32.Gencirc.10bb2552
Ad-Aware: Gen:Variant.Razy.858975
Sophos: ML/PE-A + Troj/VBInj-GF
Comodo: TrojWare.Win32.Agent.PTU@4pb3c3
BitDefenderTheta: Gen:NN.ZevbaF.34690.rm3@a8DWl2J
TrendMicro: Ransom_CERBER.SMB
McAfee-GW-Edition: BehavesLike.Win32.Rontokbro.dc
FireEye: Generic.mg.db4f85ebcb091aaa
Emsisoft: Gen:Variant.Razy.858975 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/PSW.Ruftar.ehn
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.2AF5C
Microsoft: Worm:Win32/Rebhip.T
Gridinsoft: Virus.Win32.Gen.bot!i
Arcabit: Trojan.Razy.DD1B5F
GData: Gen:Variant.Razy.858975
AhnLab-V3: Trojan/Win32.Ruftar.R28274
McAfee: GenericRXAD-RC!DB4F85EBCB09
MAX: malware (ai score=88)
VBA32: BScope.Trojan.Llac
Malwarebytes: Malware.AI.2254074626
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_CERBER.SMB
Rising: Worm.Rebhip!8.B31 (TFE:3:3z4lYAJeupD)
Ikarus: Trojan-Ransom.Blocker
Fortinet: W32/Injector.VQV!tr
AVG: Win32:VBCrypt-AVO [Trj]
Paloalto: generic.ml

How to remove Worm:Win32/Rebhip.T?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.