Worm.Forbix is Malwarebytes’ detection name for a specific worm that is written in Visual Basic. Worms automatically spread to other PC’s and other connected devices by copying themselves to removable drives, network shares, and other protocols such as IRC and email.
Worm.Forbix may run silently in the background and may not provide any indication of infection to the user. Worm.Forbix will seek out connected devices and attempt to copies itself to any system found. Worm.Forbix may create shortcut files (.lnk) using a naming convention similar to files found on the infected system. Shortcut files created by Worm.Forbix will contain the malware code and will be used to infect future systems and devices.
Worm.Forbix may be distributed using various methods. This software may be spread through USB devices or any connected network device. This software may be packaged with free online software, or could be disguised as a harmless program and distributed by email. Alternatively, this software may be installed by websites using software vulnerabilities. Infections that occur in this manner are usually silent and happen without user knowledge or consent.
Worm.Forbix is a detection-only rule since the worm is no longer actively spread and the C2 servers are down. Despite this it still manages to show up now and then.
Malwarebytes can detect and remove many Worm.Forbix infections without further user interaction.
You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.
Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.
On the Quarantine page you can see which threats were quarantined and restore them if necessary.
Select your language