• Home
  • About Us
    • Our Mission
    • Our Testing
    • Resources
    • Best Antivirus 2011
  • Recent News
    • Virus Removal Guides
    • Antivirus News
  • Installation Guide
  • Advanced Virus Removal
  • FAQ’s
  • Contact Us

Worm:Win32/Vobfus.AC Trojan Virus Infection Removal

Posted by ThreatDetector
/ January 4, 2012 / Posted in Uncategorized


Worm:Win32/Vobfus.AC Trojan Virus Infection Removal



The Worm:Win32/Vobfus.AC trojan virus is a dangerous trojan virus infection affecting computer users worldwide. It also goes by the name Worm:Win32/Vobfus.AC and Worm.Win32.VBNA. This trojan was discovered on January 4th, 2012, by various trojan detection and prevention sources including Antivirus Help Center.


The Worm:Win32/Vobfus.AC trojan is extremely similar to other trojans in its method of operation. It can perform file system changes, memory modifications, registry value changes, and registry key changes. These types of trojan infections cause serious harm to your computer operating system as well as all files saved in your computer.


Trojans are also very popular for computer hackers due to their ability to install key loggers and other programs used for identity theft. A trojan can log the password to your online bank account and then forward it back to the trojan creator. The Worm:Win32/Vobfus.AC trojan virus may be capable of performing these malicious actions.


If you have been infected with Worm:Win32/Vobfus.AC, or any other trojan virus, it is highly recommended that you scan your computer and remove any infections that are found immediately.


  • 1. Start Virus Removal
  • 2. Retry The Download
  • 3. Advanced Removal Page
Our recommended virus removal program is called PC Tools Internet Security 2011. We have tested many different virus removal programs and after our testing we put our full 100% confidence with PC Tools for all trojan virus infections on your computer. PC Tools Internet Security 2011 will get rid of the virus on your computer!

Start Virus Removal Download

Did the download not start? Proceed to Step 2.
If you have tried to download the installation file and it will not start to download, keep clicking on the download link. Click on it at least 10 times until the download begins. If you continuously click and try to download the virus removal program, it will over-ride the infections attempt at stopping you.

Start Virus Removal Download

Still having trouble? Proceed to Step 3.
If you have tried both steps and it still hasn’t worked, please visit our Advanced Removal Page for advanced instructions and troubleshooting by clicking the button below.

Start Virus Removal Download

Modified System Files


Filename(s): c:\autorun.inf
File Size: 354 bytes
MD5: 0x2BE14DCA256FC9BECC561B04EAF43401
SHA-1: 0xD355A0FD27311563BAB401BCBBCEA859A13E29EF
Alias: Mal/AutoInf-B


Filename(s): %UserProfile%\liouyim.exe
File Size: 182,272 bytes
MD5: 0x27262440F22CADE8D2A39066CE9A31F7
SHA-1: 0x1330E9F3E9FD92DAF57F1633FCA291FFDB532FBD
Alias: Worm:Win32/Vobfus.AC Worm.Win32.VBNA


Filename(s): c:\vqswk.exe
File Size: 103,140 bytes
MD5: 0xD70D9B17D1086B92E48809FA630DABA6
SHA-1: 0x3EFF914C397A641B6AFFB0F15E255593F04B87EF
Alias: Malware.Sality W32.Sality!dr Virus.Win32.Sality.ag Troj/SalLoad-C Worm:Win32/Sality.AU Virus.Win32.Sality Win32/Kashu.E


Filename(s):
File Size: 182,272 bytes
MD5: 0xD540C9BFB944FEEA0555C0962AD88B76
SHA-1: 0x644A13D55E35914C1B49DFA19756BC16DCE28A22
Alias: Worm:Win32/Vobfus.AC Worm.Win32.VBNA
Memory Modifications


Process Name: [filename of the sample #1]
Process Filename: [file and pathname of the sample #1]
Main Module Size: 200,704 bytes


Process Name: liouyim.exe
Process Filename: %UserProfile%\liouyim.exe
Main Module Size: 200,704 bytes


Process Name: vqswk.exe
Process Filename: c:\vqswk.exe
Main Module Size: 86,016 bytes

Modified Registry Values
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

UacDisableNotify = 0×00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

AntiVirusOverride = 0×00000001

AntiVirusDisableNotify = 0×00000001

FirewallDisableNotify = 0×00000001

FirewallOverride = 0×00000001

UpdatesDisableNotify = 0×00000001

UacDisableNotify = 0×00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

EnableLUA = 0×00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system]

DisableTaskMgr = 0×00000001

DisableRegistryTools = 0×00000001
[HKEY_CURRENT_USER\Software\Apcrmkeh\-72398023]

1919251285 = 0×00000082

-456464726 = 0×00000000

1462786559 = 0×00000000

-912929452 = 0×00000023

1006321833 = 0x000001E5

-1369394178 = “0D00687474703A2F2F616273757264697374616E2E756E61732E637A2F78732E6A706700687474703A2F2F636F6D6D756E697479726573706F6E64616C61726D2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F616369626164656D696E736161742E636F6D2F78732E6A706700687474703A2F2

549857107 = “4F7D820B432F26FEC78339B723FD1BE48E844F898DB33C8628BF961D1FE34A2DDA61339CFAB4653A8540A21159436F3E050E0D5733FBA12C751F6F75BCED727A627777851ADDE6FC4641F1F705AA46F283F829042ADAB8F154B6418FC0E2FF812CF7DB6F97F16B0DB03D5A0E63B243FD868CDB3B12A4382F091F9599D
[HKEY_CURRENT_USER\Software\Apcrmkeh]

U1_0 = 0xDDFE2A59

U2_0 = 0x00001ED5

U3_0 = 0x01036A29

U4_0 = 0×00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

AntiVirusOverride =

FirewallOverride =



Leave a comment

Click here to cancel reply.

Virus Removal Guides

  • Security Sphere 2012
  • Computer Virus Infection alert! Thinkpoint virus removal available here!

Antivirus News

  • How to Install Windows 8 in VirtualBox
  • Computer Virus Infection alert! Thinkpoint virus removal available here!
  • 9-18-10 Who Will Have The Best Antivirus Software for 2011, Want to Know?

Help Center

  • Home
  • About Us
  • Our Testing
  • Trojan Virus Removal
  • Antivirus Installation

Resources

    Boot Into Safe Mode
  • Find Your Web Browser

PC Tools 2011

  • Download PC Tools
  • Trojan Virus Scan
  • Troubleshooting

Safe Site

  • McAfee Site Advisor
  • Google Safe Browsing
  • Webutation
Antivirus Help Center Search

Copyright © 2011 - Antivirus Help Center - All rights reserved. Terms & Conditions and Privacy Policy