We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Vobfus.gen!T
Aliases: Trojan/Win32.Menti (AhnLab) W32/Vobfus.AD.gen!Eldorado (Command) W32/Vobfus.BJS (Norman) Trojan.VBGent.Gen.995 (VirusBuster) Trojan horse SHeur4.PRZ (AVG) TR/Chinky.79949 (Avira) Trojan.VbCrypt.81 (Dr.Web) Win32/AutoRun.VB.ARU worm (ESET) Worm.Win32.Vobfus (Ikarus) Worm.Win32.WBNA.bvr (Kaspersky) VBObfus.df (McAfee) Mal/ZboCheMan-A (Sophos) W32.Changeup (Symantec) WORM_VOBFUS.SMAB (Trend Micro)
Summary
Worm:Win32/Vobfus.gen!T is a generic detection for obfuscated Visual Basic (VB)-compiled malware that spreads via removable drives, and downloads additional malware from remote servers.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for Worm:Win32/Vobfus.gen!T
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following articles:
- Changing file associations:
- Viewing hidden and/or system files:
- For Windows 7: http://windows.microsoft.com/en-US/windows7/Show-hidden-files
- For Windows Vista: http://windows.microsoft.com/en-US/windows-vista/Show-hidden-files
- For Windows XP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/win_fcab_show_file_extensions.mspx?mfr=true
