
Worm:Win32/Vesser.D removal instruction


Worm:Win32/Vesser.D is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm:Win32/Vesser.D virus do?

  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Creates a copy of itself
  • Touches a file containing cookies, possibly for information gathering
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Uses suspicious command line tools or Windows utilities

How to identify Worm:Win32/Vesser.D?

File Info:

name: A4BBE2806D2194CCA1C4.mlw
path: /opt/CAPEv2/storage/binaries/8e665ca0709352b1d847a0ea0e80a064cc7df2049e81048146ee6f5eb1c91503
crc32: 9833884C
md5: a4bbe2806d2194cca1c4b2e9922442f8
sha1: c7195713846a1eff4f1071e46f04492c37a5c464
sha256: 8e665ca0709352b1d847a0ea0e80a064cc7df2049e81048146ee6f5eb1c91503
sha512: a70ac86ea64498c5267da18d75022ac742ba8498c53821c957f3abf786cd534b73052417a6fbbae4ff6e63fbf0737d8e1afa39f7540b5cdc8a305970e25134ff
ssdeep: 1536:IB1qOZ6Teg/bqDLujkeqQLC1fAnnBvoCfl19q2Bba4SQ1t4H:U1hG/WDLoL0fAnnBvoCfJNaqb4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T196A3BF43BAE784BAEA90553114959B35937B7E32013785C3EB08FEE67D311A0AD36783
sha3_384: bc40fcfb8941a336b0313641809983256c921dfe72ccc367abfa73be91377a26ac4849c4a0e442b4ab162648763b118e
ep_bytes: 558bec6aff6868c7400068d48e400064
timestamp: 2007-08-10 13:16:20

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: Event Viewer Snapin
FileVersion: 5.00.2175.1
InternalName: NetODBC
LegalCopyright: Copyright (C) Microsoft Corp. 1997-1999
LegalTrademarks:
OriginalFilename: NetODBC.EXE
PrivateBuild:
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2175.1
SpecialBuild:
Translation: 0x0409 0x04b0

Worm:Win32/Vesser.D also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi
Skyhigh: BehavesLike.Win32.Sality.ch
McAfee: W32/Vesser.worm.b
VIPRE: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.3846a1
Arcabit: Trojan.ExplorerHijack.ED91A2
Symantec: W32.Snaban
ESET-NOD32: Win32/AutoRun.Spy.KeyLogger.X
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Virus.Win32.Agent.de
BitDefender: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi
NANO-Antivirus: Trojan.Win32.Inject1.bbdxix
Avast: Win32:Agent-AABT [Trj]
Tencent: Malware.Win32.Gencirc.11806dac
Emsisoft: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi (B)
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Trojan.Inject1.9762
Zillya: Worm.AutoRun.Win32.345545
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.a4bbe2806d2194cc
Sophos: Mal/SillyFDC-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Peed.nq
Webroot: W32.Trojan.Gen
Varist: W32/Injector.D.gen!Eldorado
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=80)
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.Snaban.RCA@642j
Microsoft: Worm:Win32/Vesser.D
ZoneAlarm: Virus.Win32.Agent.de
GData: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi
Google: Detected
AhnLab-V3: Win-Trojan/Akdoor.Gen
BitDefenderTheta: AI:Packer.46AD9F461D
ALYac: Gen:Trojan.ExplorerHijack.gq0@aywHIrhi
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R011C0CLP23
Rising: Worm.VBInjectEx!1.99E6 (CLASSIC)
Yandex: Trojan.GenAsa!WEX9Lz+r/jI
Ikarus: Worm.Win32.AutoRun
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Agent-AABT [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Worm:Win32/Vesser.D?

Worm:Win32/Vesser.D removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
