W32.Nimnul.F4 removal

The W32.Nimnul.F4 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What W32.Nimnul.F4 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Creates a hidden or system file
Likely virus infection of existing system binary
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

ddos.dnsnb8.net

How to determine W32.Nimnul.F4?


File Info:
crc32: CF5EF1E3
md5: c4f44ebad69309421f00f0cbdf93dded
name: C4F44EBAD69309421F00F0CBDF93DDED.mlw
sha1: 041cd19248eade722757b7a8487cf5c0b7d6c89b
sha256: dcf02889e710eba4da9e7c351bb9f72dbba08e9e8323a02b72df2d8dec4b0d47
sha512: e3c9c113b360315a9d90f0ccd0a552806679ef1bea9b9790aff0b8c3ed93adb5a1d46de1faeedce2e909acee7a5baa3d3831ded352654909434362ab9587473e
ssdeep: 384:kXZQaD7U8iu4YsAa7ZA0UvH2lsRv21yW7GbAxur6+Y9PffPz:EQGPL4vzZq2o9W7GsxBbPr
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

W32.Nimnul.F4 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Riskware ( 0040eff71 )
Elastic	malicious (high confidence)
DrWeb	BackDoor.Darkshell.246
Cynet	Malicious (score: 100)
CAT-QuickHeal	W32.Nimnul.F4
ALYac	Trojan.Downloader.JQJR
Cylance	Unsafe
Zillya	Downloader.Banload.Win32.56343
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	virus:Win32/InfectPE.ali2000007
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.ad6930
Cyren	W32/Downloader.WXUE-4498
Symantec	W32.Wapomi.C!inf
ESET-NOD32	Win32/Wapomi.BA
Zoner	Virus.Win32.21902
APEX	Malicious
TotalDefense	Win32/Tnega.FSQNIcB
Avast	Win32:Malware-gen
ClamAV	Win.Trojan.Downloader-64720
Kaspersky	Trojan.Win32.Agent.xadzcq
BitDefender	Trojan.Downloader.JQJR
NANO-Antivirus	Trojan.Win32.Banload.cstqaj
MicroWorld-eScan	Trojan.Downloader.JQJR
Tencent	Trojan.Win32.Small.aab
Ad-Aware	Trojan.Downloader.JQJR
Sophos	Mal/Generic-R + W32/Nimnul-A
Comodo	TrojWare.Win32.Trojan.XPack.~gen1@1rwlif
BitDefenderTheta	AI:Packer.659502481E
VIPRE	Trojan.Win32.Small.z (v)
TrendMicro	Mal_DLDER
McAfee-GW-Edition	BehavesLike.Win32.Generic.lc
FireEye	Generic.mg.c4f44ebad6930942
Emsisoft	Trojan.Downloader.JQJR (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDownloader.Banload.bpxt
Avira	TR/Dldr.Small.Z.haljq
eGambit	Unsafe.AI_Score_99%
Kingsoft	Heur.SSC.2205964.0010.(kcloud)
Microsoft	TrojanDownloader:Win32/Small.gen!Z
Gridinsoft	Trojan.Win32.Downloader.zv!s1
ZoneAlarm	Trojan.Win32.Agent.xadzcq
GData	Trojan.Downloader.JQJR
AhnLab-V3	Trojan/Win32.Agent.R94615
Acronis	suspicious
McAfee	Artemis!C4F44EBAD693
MAX	malware (ai score=81)
VBA32	TrojanDownloader.Banload
Malwarebytes	Malware.Heuristic.1003
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Mal_DLDER
Rising	Win32.Wapomi.a (CLOUD)
Yandex	BackDoor.Darkshell!bbpw5cNU8q4
Ikarus	Win32.Jadtre
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Nimnul.F
AVG	Win32:Malware-gen
Qihoo-360	Win32/TrojanDownloader.Small.Hw0AvGIA

How to remove W32.Nimnul.F4?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.