How to remove “Worm:Win32/Vobfus.DT”?

Worm:Win32/Vobfus.DT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Vobfus.DT virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Worm:Win32/Vobfus.DT?


File Info:

name: BF823E35BDF7F9289516.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-02-14 20:34:17

Version Info:

Translation: 0x0409 0x04b0
ProductName: SVsSGNqD
FileVersion: 1.00
ProductVersion: 1.00
InternalName: MVPOuCNt
OriginalFilename: MVPOuCNt.exe

Worm:Win32/Vobfus.DT also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Application.Symmi.11352
ClamAV: Win.Trojan.Vobfus-20
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.cm
McAfee: VBObfus.cm
Malwarebytes: Generic.Worm.AutoRun.DDS
VIPRE: Gen:Variant.Application.Symmi.11352
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.e0677d
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.SHeur4.QKL
Symantec: W32.Changeup!gen35
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.VB.ASG
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.erzn
BitDefender: Gen:Variant.Application.Symmi.11352
NANO-Antivirus: Trojan.Win32.WBNA.cqkxma
Avast: Win32:VB-ABGK [Trj]
Tencent: Worm.Win32.Vobfus.n
TACHYON: Worm/W32.Vobfus.159744.K
Sophos: Mal/VBCheMan-B
F-Secure: Trojan.TR/VB.Krypt.jdwpa
DrWeb: Trojan.VbCrypt.81
TrendMicro: WORM_VOBFUS.SMAB
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.bf823e35bdf7f928
Emsisoft: Gen:Variant.Application.Symmi.11352 (B)
Ikarus: Worm.Win32.Vobfus
GData: Gen:Variant.Application.Symmi.11352
Google: Detected
Avira: TR/VB.Krypt.jdwpa
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.Pronny.AK@4ogvoo
Arcabit: Trojan.Application.Symmi.D2C58
ViRobot: Trojan.Win32.A.VBKrypt.159744.ABS
ZoneAlarm: Worm.Win32.Vobfus.erzn
Microsoft: Worm:Win32/Vobfus.DT
Varist: W32/Vobfus.AI.gen!Eldorado
AhnLab-V3: Trojan/Win32.Menti.R20177
Acronis: suspicious
VBA32: TScope.Trojan.VB
ALYac: Gen:Variant.Application.Symmi.11352
MAX: malware (ai score=70)
Cylance: unsafe
Panda: W32/Vobfus.GEP.worm
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!gelp6ap9S7Y
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
BitDefenderTheta: Gen:NN.ZevbaF.36744.jm0@amPcwZii
AVG: Win32:VB-ABGK [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Worm:Win32/Vobfus.DT?

Worm:Win32/Vobfus.DT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
