
Trojan.Win32.Nockat.fuf removal


Trojan.Win32.Nockat.fuf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Nockat.fuf virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Harvests information related to installed instant messenger clients
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Trojan.Win32.Nockat.fuf?


File Info:

crc32: 2938A356
md5: d1c94e38f7bc1a9856f4bf5aa1c339c5
name: D1C94E38F7BC1A9856F4BF5AA1C339C5.mlw
sha1: 7c346651c7e43432d647bba5b5af1f2802e2bd62
sha256: 5b6f41306a6d9c214f8c30b5a61ebf53b4b3450e78df802673cb9c2e52d3b86b
sha512: 00fb720d5254e137d82a4e4d9c53446902813dbeafb1414fa7479cfce279f3b2e004363bf0ca22a995114334826aa7befcc82b7ca8a616005127c5a5c28d9d7f
ssdeep: 3072:LI7XE4hTUfukGzfg3Dp1SyQ1aTy/HiKsqC:s7XE41Ufu3k3N1SyQ1a2Yq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: abshdjakmz50
FileVersion: 7.04.0005
CompanyName: Nintendo
Comments: Balfour2
ProductName: Cosmorganic7
ProductVersion: 7.04.0005
FileDescription: Imod
OriginalFilename: abshdjakmz50.exe

Trojan.Win32.Nockat.fuf also known as:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.17779
MicroWorld-eScan: Gen:Heur.PonyStealer.Am0@dWXrE4bi
FireEye: Generic.mg.d1c94e38f7bc1a98
ALYac: Gen:Heur.PonyStealer.Am0@dWXrE4bi
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 0051474e1 )
BitDefender: Gen:Heur.PonyStealer.Am0@dWXrE4bi
K7GW: Trojan ( 0051474e1 )
Cybereason: malicious.8f7bc1
BitDefenderTheta: AI:Packer.7422501A21
Cyren: W32/Trojan.SJQG-4417
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:VB-AJKL [Trj]
ClamAV: Win.Packer.VbPack-0-6334882-0
Kaspersky: Trojan.Win32.Nockat.fuf
NANO-Antivirus: Trojan.Win32.Nockat.hzndxv
ViRobot: Trojan.Win32.Agent.430080.AG
Rising: Stealer.Fareit!8.170 (CLOUD)
Ad-Aware: Gen:Heur.PonyStealer.Am0@dWXrE4bi
TACHYON: Trojan/W32.VB-naKocTb.430080
Emsisoft: Gen:Heur.PonyStealer.Am0@dWXrE4bi (B)
Comodo: Malware@#14bz4fw47u4e9
F-Secure: Heuristic.HEUR/AGEN.1112794
TrendMicro: TSPY_HPFAREIT.SM2
McAfee-GW-Edition: BehavesLike.Win32.Fareit.gz
Sophos: ML/PE-A + Mal/FareitVB-L
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.naKocTb.anp
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1112794
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: VirTool:Win32/VBInject.ACV!bit
Arcabit: Trojan.PonyStealer.ED21A0
ZoneAlarm: Trojan.Win32.Nockat.fuf
GData: Gen:Heur.PonyStealer.Am0@dWXrE4bi
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Fareit.C2090490
McAfee: Fareit-FMP!D1C94E38F7BC
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Fareit
Malwarebytes: Spyware.LokiBot
Panda: Trj/GdSda.A
Zoner: Trojan.Win32.61273
ESET-NOD32: Win32/PSW.Fareit.L
TrendMicro-HouseCall: TSPY_HPFAREIT.SM2
Yandex: Trojan.GenAsa!QtPAj52AItE
Ikarus: Trojan.Win32.PSW
Fortinet: W32/Injector.ECCL!tr
AVG: Win32:VB-AJKL [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.ad1

How to remove Trojan.Win32.Nockat.fuf?

Trojan.Win32.Nockat.fuf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
