Worm:Win32/Vobfus.IX removal

Many security experts consider Worm:Win32/Vobfus.IX dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Vobfus.IX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm:Win32/Vobfus.IX?


File Info:

name: A58A77F0B10F90D8061C.mlw
path: /opt/CAPEv2/storage/binaries/27c824eb84827b44c142172e47a4422f8fa1908207e6e09c01cbcd5eb394540a
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-10-04 07:17:01

Version Info:

Translation: 0x0409 0x04b0
ProductName: Metamorphy
FileVersion: 5.37
ProductVersion: 5.37
InternalName: hazardful
OriginalFilename: hazardful.exe

Worm:Win32/Vobfus.IX also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.3150
ClamAV: Win.Trojan.VB-1603
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.GenDownloader.dm
McAfee: GenDownloader.rv
Cylance: unsafe
VIPRE: Gen:Variant.Symmi.3150
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.0d50f8
Baidu: Win32.Worm.Pronny.fh
VirIT: Worm.Win32.VB.KJ
Symantec: W32.Changeup!gen20
ESET-NOD32: Win32/Pronny.EZ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.rou
BitDefender: Gen:Variant.Symmi.3150
NANO-Antivirus: Trojan.Win32.Vobfus.crkzsi
Avast: Win32:VB-AEQC [Trj]
Tencent: Malware.Win32.Gencirc.10b24649
TACHYON: Worm/W32.Vobfus.221184
Emsisoft: Gen:Variant.Symmi.3150 (B)
F-Secure: Trojan.TR/Downloader.Gen8
DrWeb: Trojan.Siggen4.28822
TrendMicro: WORM_VOBFUS.SM02
FireEye: Generic.mg.a58a77f0b10f90d8
Sophos: Mal/SillyFDC-Y
Ikarus: Worm.Win32.Vobfus
GData: Win32.Trojan.PSE.1UDWI8J
Jiangmin: Trojan/Vbobf.b
Webroot: W32.Worm.Gen
Google: Detected
Avira: TR/Downloader.Gen8
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.981
Xcitium: Worm.Win32.VB.PJT@4r48sc
Arcabit: Trojan.Symmi.DC4E
ViRobot: Worm.Win32.A.Vobfus.221184
ZoneAlarm: Worm.Win32.Vobfus.rou
Microsoft: Worm:Win32/Vobfus.IX
Varist: W32/VB.HE.gen!Eldorado
AhnLab-V3: Worm/Win32.Vobfus.R38791
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZevbaF.36744.nm0@aigoNlni
ALYac: Gen:Variant.Symmi.3150
MAX: malware (ai score=84)
VBA32: Worm.Vobfus
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SM02
Rising: Worm.Pronny!1.E3E5 (CLASSIC)
Yandex: Trojan.GenAsa!j4ms6k5GSNk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Diple.EJQE!tr
AVG: Win32:VB-AEQC [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Worm:Win32/Vobfus.IX?

Worm:Win32/Vobfus.IX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
