• Home
  • About Us
    • Our Mission
    • Our Testing
    • Resources
    • Best Antivirus 2011
  • Recent News
    • Virus Removal Guides
    • Antivirus News
  • Installation Guide
  • Advanced Virus Removal
  • FAQ’s
  • Contact Us

Worm:Win32/Vobfus.AC Trojan Virus Infection Removal

Posted by ThreatDetector
/ January 4, 2012 / Posted in Uncategorized


Worm:Win32/Vobfus.AC Trojan Virus Infection Removal



The Worm:Win32/Vobfus.AC trojan virus is a dangerous trojan virus infection affecting computer users worldwide. It also goes by the name Worm:Win32/Vobfus.AC and Worm.Win32.VBNA. This trojan was discovered on January 4th, 2012, by various trojan detection and prevention sources including Antivirus Help Center.


The Worm:Win32/Vobfus.AC trojan is extremely similar to other trojans in its method of operation. It can perform file system changes, memory modifications, registry value changes, and registry key changes. These types of trojan infections cause serious harm to your computer operating system as well as all files saved in your computer.


Trojans are also very popular for computer hackers due to their ability to install key loggers and other programs used for identity theft. A trojan can log the password to your online bank account and then forward it back to the trojan creator. The Worm:Win32/Vobfus.AC trojan virus may be capable of performing these malicious actions.


If you have been infected with Worm:Win32/Vobfus.AC, or any other trojan virus, it is highly recommended that you scan your computer and remove any infections that are found immediately.


  • 1. Start Virus Removal
  • 2. Retry The Download
  • 3. Advanced Removal Page
Our recommended virus removal program is called PC Tools Internet Security 2011. We have tested many different virus removal programs and after our testing we put our full 100% confidence with PC Tools for all trojan virus infections on your computer. PC Tools Internet Security 2011 will get rid of the virus on your computer!

Start Virus Removal Download

Did the download not start? Proceed to Step 2.
If you have tried to download the installation file and it will not start to download, keep clicking on the download link. Click on it at least 10 times until the download begins. If you continuously click and try to download the virus removal program, it will over-ride the infections attempt at stopping you.

Start Virus Removal Download

Still having trouble? Proceed to Step 3.
If you have tried both steps and it still hasn’t worked, please visit our Advanced Removal Page for advanced instructions and troubleshooting by clicking the button below.

Start Virus Removal Download

Modified System Files


Filename(s): c:\autorun.inf
File Size: 263 bytes
MD5: 0x696842CDD21DE0E3DBEBB8174AB28316
SHA-1: 0x694EF8DBB3D3B082EB9DC0A3AE40EB4E4F57BAF5
Alias: Mal/AutoInf-B


Filename(s): c:\bjpmjo.exe
File Size: 103,140 bytes
MD5: 0x4A4493CEA8FF05BFBD853CBA2E558315
SHA-1: 0xDE299CC3418D2736CAC156EA94FCE773E21E19BA
Alias: Malware.Sality W32.Sality!dr Virus.Win32.Sality.ag Troj/SalLoad-C Worm:Win32/Sality.AU Virus.Win32.Sality Win32/Kashu.E


Filename(s): %UserProfile%\buesee.exe
File Size: 182,272 bytes
MD5: 0xC50CB3B898584C4BEB559773D06646BA
SHA-1: 0xB09C7E48F367AEBAAF4EAA12885A89B1E732BAD5
Alias: Worm:Win32/Vobfus.AC Worm.Win32.VBNA


Filename(s):
File Size: 182,272 bytes
MD5: 0xC032EA9430CF43FC9A9DFA36029EDEA4
SHA-1: 0xE1B6743DAD894D8860ED64742D885A74E8A5F9FF
Alias: Worm:Win32/Vobfus.AC Worm.Win32.VBNA
Memory Modifications


Process Name: [filename of the sample #1]
Process Filename: [file and pathname of the sample #1]
Main Module Size: 200,704 bytes


Process Name: buesee.exe
Process Filename: %UserProfile%\buesee.exe
Main Module Size: 200,704 bytes


Process Name: bjpmjo.exe
Process Filename: c:\bjpmjo.exe
Main Module Size: 77,824 bytes

Modified Registry Values
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

UacDisableNotify = 0×00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

AntiVirusOverride = 0×00000001

AntiVirusDisableNotify = 0×00000001

FirewallDisableNotify = 0×00000001

FirewallOverride = 0×00000001

UpdatesDisableNotify = 0×00000001

UacDisableNotify = 0×00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

EnableLUA = 0×00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system]

DisableTaskMgr = 0×00000001

DisableRegistryTools = 0×00000001
[HKEY_CURRENT_USER\Software\Apcrmkeh\-72398023]

1919251285 = 0×00000082

-456464726 = 0×00000000

1462786559 = 0×00000000

-912929452 = 0×00000023

1006321833 = 0x000001E5

-1369394178 = “0D00687474703A2F2F616273757264697374616E2E756E61732E637A2F78732E6A706700687474703A2F2F636F6D6D756E697479726573706F6E64616C61726D2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F616369626164656D696E736161742E636F6D2F78732E6A706700687474703A2F2

549857107 = “4F7D820B432F26FEC78339B723FD1BE48E844F898DB33C8628BF961D1FE34A2DDA61339CFAB4653A8540A21159436F3E050E0D5733FBA12C751F6F75BCED727A627777851ADDE6FC4641F1F705AA46F283F829042ADAB8F154B6418FC0E2FF812CF7DB6F97F16B0DB03D5A0E63B243FD868CDB3B12A4382F091F9599D
[HKEY_CURRENT_USER\Software\Apcrmkeh]

U1_0 = 0xDDFE2A59

U2_0 = 0x00001ED5

U3_0 = 0x01036A29

U4_0 = 0×00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

AntiVirusOverride =

FirewallOverride =



Leave a comment

Click here to cancel reply.

Virus Removal Guides

  • Security Sphere 2012
  • Computer Virus Infection alert! Thinkpoint virus removal available here!

Antivirus News

  • How to Install Windows 8 in VirtualBox
  • Computer Virus Infection alert! Thinkpoint virus removal available here!
  • 9-18-10 Who Will Have The Best Antivirus Software for 2011, Want to Know?

Help Center

  • Home
  • About Us
  • Our Testing
  • Trojan Virus Removal
  • Antivirus Installation

Resources

    Boot Into Safe Mode
  • Find Your Web Browser

PC Tools 2011

  • Download PC Tools
  • Trojan Virus Scan
  • Troubleshooting

Safe Site

  • McAfee Site Advisor
  • Google Safe Browsing
  • Webutation
Antivirus Help Center Search

Copyright © 2011 - Antivirus Help Center - All rights reserved. Terms & Conditions and Privacy Policy