
Worm:Win32/Vobfus.SF removal


Worm:Win32/Vobfus.SF is the Microsoft detection name for a sample that most antivirus vendors flag as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you suspect an infection, scan the computer with GridinSoft Anti-Malware.


Removing malware by hand can take hours and may damage the system if the wrong files or registry entries are deleted. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Worm:Win32/Vobfus.SF do?

The behaviours below are the CAPE sandbox signatures the sample triggered when it was run:

  • Behavioural detection: executable code extraction (unpacking at run time)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: inter-process injection
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed (so its dropped copies stay out of sight)
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE-extracted content

How to identify Worm:Win32/Vobfus.SF?

File Info:

name: 91B6E51B58D79EAF2D36.mlw
path: /opt/CAPEv2/storage/binaries/ca2e4eabd6a80fc37be641c0bcb8a97d6f4732b925e5f3f419ca90032c6fb718
crc32: 9EA3E93F
md5: 91b6e51b58d79eaf2d3674f7a464ce62
sha1: 9876964c0e8b17e07b894f748bf01fd1a8d3439c
sha256: ca2e4eabd6a80fc37be641c0bcb8a97d6f4732b925e5f3f419ca90032c6fb718
sha512: a0d9a13ce5c5b304125c674ff5d6fb4693e8989178e8d94d9077dddd53e480cb509a2bfa6cf0114edee0d54dfab584dc97a93be98efc7a8d2b9dfb59e6807519
ssdeep: 3072:ptDgF/CmeGMS6WLI3kTB58hahpkzFhPAOJ0NAW/pe4oQZiEtCdC:kqmeGMS6Wc3kn9ADPAOJ0NJUW/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171E3B42A7691F33AD814C6F83D1A82D4947DEC3221D16C17F7C26B1A76B1DABD220793
sha3_384: 3c5ae658b83ec5339d30ef69b4016a881ac0b30d1dc9d07b344579330ae989f281120dd83b0bdcea8fdbb3cbc83d75f3
ep_bytes: 68a0334000e8f0ffffff000000000000
timestamp: 2011-09-19 04:36:56

Version Info:

Translation: 0x0409 0x04b0
ProductName: dgsosESub
FileVersion: 1.00
ProductVersion: 1.00
InternalName: lOJLIdIu
OriginalFilename: lOJLIdIu.exe
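The File Info block above is what a CAPE sandbox reports for the sample; to check whether a file you have in hand is the same sample, you re-derive the same indicators from its bytes. The script below is an added example, not GridinSoft's or CAPE's code: it computes the listed digests, parses the PE headers just far enough to read the 16 bytes at the entry point (CAPE's ep_bytes) and the COFF link timestamp, and reports which of the page's indicators the file reproduces. It assumes the page's timestamp is in UTC. The ep_bytes on this page decode to `push 0x4033A0; call <rel32>`, the standard Visual Basic 6 start-up stub, which is consistent with the many vendor names containing "VB". Because the real sample is not included, the block builds a synthetic PE32 (constructed test data) so it can be run offline; pass a real file path on the command line to triage it instead.

```python
"""Offline triage helper for the Worm:Win32/Vobfus.SF File Info indicators.

Added example, not GridinSoft's or CAPE's code. Only the KNOWN values come
from the page; build_synthetic_pe() constructs test data, not the sample.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
KNOWN = {
    "md5": "91b6e51b58d79eaf2d3674f7a464ce62",
    "sha1": "9876964c0e8b17e07b894f748bf01fd1a8d3439c",
    "sha256": "ca2e4eabd6a80fc37be641c0bcb8a97d6f4732b925e5f3f419ca90032c6fb718",
    "crc32": "9EA3E93F",
    "ep_bytes": "68a0334000e8f0ffffff000000000000",
    "timestamp": "2011-09-19 04:36:56",  # assumed to be UTC
}


def file_hashes(data: bytes) -> dict:
    """Every File Info digest except the fuzzy hashes (ssdeep, tlsh)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_entry_info(data: bytes) -> dict:
    """Read the 16 bytes at the PE entry point and the COFF timestamp."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (both formats)
    # Walk the section table to translate the entry RVA into a file offset.
    ep_off = None
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point is not inside any section")
    return {
        "machine": machine,  # 0x14C = Intel 80386, as in the File Info type line
        "is_pe32": magic == 0x10B,
        "ep_rva": ep_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def looks_like_vb6_stub(ep_bytes_hex: str) -> bool:
    """`push imm32; call rel32` at the entry point is the VB6 start-up stub
    (push the VB header, call ThunRTMain); the page's ep_bytes fit it."""
    b = bytes.fromhex(ep_bytes_hex)
    return len(b) >= 10 and b[0] == 0x68 and b[5] == 0xE8


def triage(data: bytes) -> dict:
    """Which of the page's indicators do these bytes reproduce?"""
    h, pe = file_hashes(data), pe_entry_info(data)
    return {
        "md5": h["md5"] == KNOWN["md5"],
        "sha1": h["sha1"] == KNOWN["sha1"],
        "sha256": h["sha256"] == KNOWN["sha256"],
        "crc32": h["crc32"] == KNOWN["crc32"],
        "ep_bytes": pe["ep_bytes"] == KNOWN["ep_bytes"],
        "timestamp": pe["timestamp"] == KNOWN["timestamp"],
        "vb6_stub": looks_like_vb6_stub(pe["ep_bytes"]),
    }


def build_synthetic_pe() -> bytes:
    """Constructed test data: a minimal PE32 with one .text section whose entry
    point carries the page's ep_bytes and whose COFF timestamp is the page's.
    It is not the real sample, so its hashes will not match."""
    ts = int(datetime(2011, 9, 19, 4, 36, 56, tzinfo=timezone.utc).timestamp())
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                    # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)  # COFF header
    struct.pack_into("<H", hdr, 0x58, 0x10B)                                   # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 16, 0x1000)                             # AddressOfEntryPoint
    struct.pack_into("<I", hdr, 0x58 + 28, 0x400000)                           # ImageBase
    struct.pack_into("<8sIIII", hdr, 0x58 + 0xE0, b".text", 0x1000, 0x1000, 0x200, 0x200)
    body = bytearray(0x200)
    ep = bytes.fromhex(KNOWN["ep_bytes"])
    body[:len(ep)] = ep
    return bytes(hdr + body)


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_pe()
    print(file_hashes(sample))
    print(pe_entry_info(sample))
    print(triage(sample))
```

Only an exact hash match proves you hold this sample; a matching entry-point stub or timestamp alone just says the file is another VB6 binary from the same toolchain, which is why the vendor names on this page vary so widely for one file.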

Worm:Win32/Vobfus.SF is also known under the following vendor detection names:

  • Bkav: W32.AIDetectMalware
  • AVG: Win32:VB-ABDC [Drp]
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKDZ.95020
  • CAT-QuickHeal: Trojan.Vobfus.gen
  • ALYac: Trojan.GenericKDZ.95020
  • Malwarebytes: Malware.AI.4077351422
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (D)
  • K7GW: EmailWorm ( 0054d10f1 )
  • K7AntiVirus: EmailWorm ( 0054d10f1 )
  • Baidu: Win32.Worm.Pronny.d
  • VirIT: Worm.Win32.Generic.AZOL
  • Cyren: W32/Vobfus.V.gen!Eldorado
  • Symantec: W32.Changeup!gen15
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/AutoRun.VB.ALT
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • ClamAV: Win.Trojan.Changeup-6169544-0
  • Kaspersky: Worm.Win32.WBNA.bcc
  • BitDefender: Trojan.GenericKDZ.95020
  • NANO-Antivirus: Trojan.Win32.VB.coonye
  • SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
  • Avast: Win32:VB-ABDC [Drp]
  • Tencent: Trojan.Win32.Koobface.p
  • TACHYON: Worm/W32.WBNA.155648.B
  • Emsisoft: Trojan.GenericKDZ.95020 (B)
  • F-Secure: Trojan.TR/Spy.Agent.155646
  • DrWeb: Trojan.VbCrypt.60
  • VIPRE: Trojan.GenericKDZ.95020
  • TrendMicro: WORM_VOBFUS.SMHE
  • McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.91b6e51b58d79eaf
  • Sophos: Mal/VB-XV
  • Ikarus: Worm.Win32.WBNA
  • GData: Trojan.GenericKDZ.95020
  • Avira: TR/Spy.Agent.155646
  • Antiy-AVL: Worm/Win32.WBNA.gen
  • Xcitium: TrojWare.Win32.VB.AVA@4paxk7
  • Arcabit: Trojan.Generic.D1732C
  • ZoneAlarm: Worm.Win32.WBNA.bcc
  • Microsoft: Worm:Win32/Vobfus.SF
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Diple.R13793
  • McAfee: VBObfus.bn
  • MAX: malware (ai score=83)
  • VBA32: Trojan.Varydrop.1821
  • Cylance: unsafe
  • Panda: W32/Vobfus.GEW.worm
  • TrendMicro-HouseCall: WORM_VOBFUS.SMHE
  • Rising: Worm.Vobfus!1.99C7 (CLASSIC)
  • Yandex: Trojan.GenAsa!y/83So69OLc
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/VB.CNE!worm
  • BitDefenderTheta: AI:Packer.26485F5820
  • DeepInstinct: MALICIOUS

How to remove Worm:Win32/Vobfus.SF?

Worm:Win32/Vobfus.SF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options you want and click "Reset".
  • Restart your computer.

Two checks before treating the machine as clean: the sandbox report above shows the sample changing Explorer's settings so hidden files are not displayed, so confirm that hidden-file view behaves normally again after removal; and because several vendors (for example ESET's Win32/AutoRun.VB.ALT) classify this family as an AutoRun worm, also scan any removable drives that were connected to the infected computer, since a dropped copy there will reinfect a cleaned system.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
