Categories: Worm

How to remove “Worm:Win32/Vobfus.EH”?

The Worm:Win32/Vobfus.EH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm:Win32/Vobfus.EH virus can do?

Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
Attempts to disable Windows Auto Updates
Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Worm:Win32/Vobfus.EH?


File Info:
name: 5CF7C1CC6A295A6F4830.mlwpath: /opt/CAPEv2/storage/binaries/e1e5b2c7b502de9457ef24139db4a5f5beb3416b7f4ce845e4ad75cd21a7b059crc32: B7D321B4md5: 5cf7c1cc6a295a6f48306de538c12ab4sha1: dd2b063098235842f707cb78876159cd4dde774asha256: e1e5b2c7b502de9457ef24139db4a5f5beb3416b7f4ce845e4ad75cd21a7b059sha512: cc59a95287abc659f8983232a06f26c8cee313df85767ef4fdb32e8504b6c70c448f5c8b4f6c6d82f5727630ebe9214e399dcf972ca656657a1a5774ad139efbssdeep: 1536:vtl0cc6BnmLaUOB+dGrNjjmJ2NuKuFr1M5BK:U6BmeUOB++jOZtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A2A3CA9F3BA11277FF780534A9F2B5FA1592A1CCEA0B410D772035E45ADAE013C2CA5Bsha3_384: 92b2ddf762074378574508f3f7ed97f0031a360286eb0ed0cab95cf9c394931faab5a909a75cf6e5e16bea4f2bcb9605ep_bytes: 6894124000e8f0ffffff000048000000timestamp: 1999-04-16 11:29:07
Version Info:
0: [No Data]

Worm:Win32/Vobfus.EH also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.82864
FireEye	Generic.mg.5cf7c1cc6a295a6f
CAT-QuickHeal	Trojan.Beebone.D
McAfee	W32/Autorun.worm.aaeh
Sangfor	[MICROSOFT VISUAL BASIC V6.0]
K7AntiVirus	EmailWorm ( 0054d10f1 )
K7GW	EmailWorm ( 0054d10f1 )
Cybereason	malicious.c6a295
Baidu	Win32.Worm.VB.nn
VirIT	Trojan.Win32.Generic.CKVZ
Cyren	W32/VBKrypt.BFE.gen!Eldorado
Symantec	W32.Changeup
tehtris	Generic.Malware
ESET-NOD32	Win32/AutoRun.VB.AVO
APEX	Malicious
ClamAV	Win.Trojan.Changeup-6169544-0
Kaspersky	Trojan.Win32.Jorik.Vobfus.ahog
BitDefender	Trojan.GenericKDZ.82864
NANO-Antivirus	Trojan.Win32.Jorik.cihugs
Avast	Win32:VB-ACGS [Trj]
Tencent	Trojan.Win32.Jorik.pa
Ad-Aware	Trojan.GenericKDZ.82864
TACHYON	Trojan/W32.VB-Jorik.98304.K
Sophos	ML/PE-A + W32/Vobfus-AH
Comodo	Worm.Win32.VB.AUA@4o7zkg
DrWeb	Win32.HLLW.Autoruner1.14788
TrendMicro	WORM_VOBFUS.SMJA
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.nm
Emsisoft	Trojan.GenericKDZ.82864 (B)
Ikarus	Trojan.Patched
GData	Trojan.GenericKDZ.82864
Avira	TR/Jorik.Vobfus.ahog
Antiy-AVL	Worm/Win32.WBNA.gen
Arcabit	Trojan.Generic.D143B0
ViRobot	Worm.Win32.A.VBNA.102400.AZ
ZoneAlarm	Trojan.Win32.Jorik.Vobfus.ahog
Microsoft	Worm:Win32/Vobfus.EH
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win.Vobfus.R440143
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZevbaF.34606.gqW@aatrYTmi
ALYac	Trojan.GenericKDZ.82864
MAX	malware (ai score=85)
VBA32	Trojan.Jorik
Malwarebytes	Generic.Trojan.Malicious.DDS
TrendMicro-HouseCall	WORM_VOBFUS.SMJA
Rising	Worm.Win32.Vobfus.af (CLASSIC)
Yandex	Trojan.GenAsa!n9vpFGRhqIs
SentinelOne	Static AI – Malicious PE
MaxSecure	Worm.VBNA.b
Fortinet	W32/VBObfus.AU!tr
AVG	Win32:VB-ACGS [Trj]
Panda	W32/Vobfus.GEW.worm
CrowdStrike	win/malicious_confidence_100% (D)