Worm:Win32/VB.FM removal tips

Worm:Win32/VB.FM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/VB.FM virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Worm:Win32/VB.FM?

File Info:

name: E7B68059EA69EE7AC560.mlw
path: /opt/CAPEv2/storage/binaries/022c996fb3c93ce4f3f21de93a0940cc4b29604a7d18ab42b3de99b3cdb7883b
crc32: 61BDF369
md5: e7b68059ea69ee7ac560e93d2f29b120
sha1: c14b3d33eede850e1bb2fa863b148ce3dad1e66c
sha256: 022c996fb3c93ce4f3f21de93a0940cc4b29604a7d18ab42b3de99b3cdb7883b
sha512: db584f076e4ec622ad653c32e63baaf38496e5b0e9689088942752189bdff6ec48450ec8f660ec8c967b88ed06e239fa572623e5c0b68e0c32f28b23fb59cf2b
ssdeep: 12288:uzR+9kqPx3IeTceYUzwHJem7OzwHJednI:gRlqhIeTceYqwpemIwpednI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BAC49E41EA00A278D8C365F17909CB3BA9366D12DB1649C39BB83DD67F701E25A7630F
sha3_384: 2a3e0f62a2a4f32b5e803c2584ee30174eb92ef686a8865ad66ebf3f992d1d7f1ed8abc734a4bb4e1b2cbbeef05acf99
ep_bytes: 68c83b4000e8f0ffffff000000000000
timestamp: 2007-04-20 11:55:45

Version Info:

Translation: 0x0804 0x04b0
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: avp
OriginalFilename: avp.exe

Worm:Win32/VB.FM also known as:

Vendor                 Detection
Bkav                   W32.AIDetectMalware
Lionic                 Virus.Win32.VB.lhVA
Elastic                malicious (high confidence)
MicroWorld-eScan       Dropped:Win32.Worm.VB.GF
Skyhigh                BehavesLike.Win32.Fujacks.hh
McAfee                 GenericR-ERA!E7B68059EA69
Cylance                unsafe
Sangfor                Suspicious.Win32.Save.vb
K7AntiVirus            Trojan ( 000ef5af1 )
Alibaba                virus:Win32/InfectPE.ali2000007
K7GW                   Trojan ( 000ef5af1 )
Cybereason             malicious.3eede8
Arcabit                Win32.Worm.VB.GF
Symantec               ML.Attribute.HighConfidence
tehtris                Generic.Malware
ESET-NOD32             Win32/VB.GO
Cynet                  Malicious (score: 100)
APEX                   Malicious
ClamAV                 Win.Worm.VB-658
Kaspersky              Worm.Win32.VB.go
BitDefender            Dropped:Win32.Worm.VB.GF
NANO-Antivirus         Trojan.Win32.VB.lotx
Avast                  Win32:VB-EJQ [Wrm]
Rising                 Worm.VB.akx (CLASSIC)
Emsisoft               Dropped:Win32.Worm.VB.GF (B)
F-Secure               Trojan.TR/VB.Downloader.Gen
DrWeb                  Trojan.Siggen4.21498
Zillya                 Worm.VB.Win32.1603
TrendMicro             WORM_VB.FWK
FireEye                Generic.mg.e7b68059ea69ee7a
Sophos                 Mal/VBWorm-C
Ikarus                 HackTool.Win32.Kiser
Jiangmin               Worm/VB.pje
Varist                 W32/VBKrypt.BFB.gen!Eldorado
Avira                  TR/VB.Downloader.Gen
MAX                    malware (ai score=82)
Antiy-AVL              Worm/Win32.VB
Kingsoft               malware.kb.a.1000
Xcitium                Worm.Win32.VB.GO@4737
Microsoft              Worm:Win32/VB.FM
ViRobot                Worm.Win32.VB.61440.B
ZoneAlarm              Worm.Win32.VB.go
GData                  Win32.Worm.Agent.BIL
Google                 Detected
AhnLab-V3              Worm/Win32.VB.R70863
BitDefenderTheta       AI:Packer.2E166C6A1D
ALYac                  Dropped:Win32.Worm.VB.GF
VBA32                  TScope.Trojan.VB
Malwarebytes           Generic.Malware/Suspicious
Panda                  Trj/Genetic.gen
TrendMicro-HouseCall   WORM_VB.FWK
Tencent                Virus.Win32.VB.zf
Yandex                 Trojan.GenAsa!Bx8Fg9B1WP8
SentinelOne            Static AI – Malicious PE
MaxSecure              Trojan.Malware.85306.susgen
Fortinet               W32/Generic.AP.19EE958!tr
AVG                    Win32:VB-EJQ [Wrm]
DeepInstinct           MALICIOUS
CrowdStrike            win/malicious_confidence_100% (W)

How to remove Worm:Win32/VB.FM?

Worm:Win32/VB.FM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
