Should I remove "Win32/Filecoder.NPA"?

The Win32/Filecoder.NPA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Filecoder.NPA virus can do?

A process created a hidden window
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Stores JavaScript or a script command in the registry, likely for persistence or configuration
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Filecoder.NPA?


File Info:
crc32: F896FA04
md5: b25ec00193e1c6170d2329d5a7406065
name: B25EC00193E1C6170D2329D5A7406065.mlw
sha1: 85160e130bc498a0135137e3968cb85c0c15e5bb
sha256: 9d925f5f3a3633b4b2dc1cd13c5f11d3aac5cf6b55991c0c90e52658c6ccb894
sha512: 25b45e4c3b553dd33290a6d83ffea454399be5b3b0e8581483295d6480122f9009b0b785763dbad84fca2cea7b14bdb4e3e67ff7cf25bf0a796d68f344ca7bed
ssdeep: 192:nKtUX3AWtAPir8j55wTwtH+fYAo6h7XbSKO5TP:KtKNtCiow8t+fFh7Lb0TP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Filecoder.NPA also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.30574
MicroWorld-eScan	Gen:Trojan.AV-Killer.amW@aO3vYkp
FireEye	Generic.mg.b25ec00193e1c617
Qihoo-360	Win32/Trojan.Anti.afe
ALYac	Gen:Trojan.AV-Killer.amW@aO3vYkp
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005451b81 )
BitDefender	Gen:Trojan.AV-Killer.amW@aO3vYkp
K7GW	Trojan ( 005451b81 )
Cybereason	malicious.193e1c
BitDefenderTheta	AI:Packer.1DFEA2521E
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.Win32.AntiAV
Alibaba	Trojan:Win32/Filecoder.f3ee1c90
NANO-Antivirus	Trojan.Win32.Filecoder.gtgwrw
AegisLab	Trojan.Win32.AntiAV.4!c
Tencent	Win32.Trojan.Filecoder.Pdcg
Ad-Aware	Gen:Trojan.AV-Killer.amW@aO3vYkp
Emsisoft	Gen:Trojan.AV-Killer.amW@aO3vYkp (B)
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
TrendMicro	Ransom.Win32.LOCKCRYPT.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.lh
Sophos	ML/PE-A + Mal/EncPk-ZC
Ikarus	Trojan-Ransom.FileCrypter
Webroot	W32.Malware.Gen
Avira	TR/Crypt.ZPACK.Gen
Antiy-AVL	Trojan/Win32.AntiAV
Microsoft	Trojan:Win32/Ymacco.AB9D
Arcabit	Trojan.AV-Killer.ED030B
ZoneAlarm	HEUR:Trojan.Win32.AntiAV
GData	Gen:Trojan.AV-Killer.amW@aO3vYkp
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.AntiAV.C2982142
Acronis	suspicious
McAfee	Artemis!B25EC00193E1
MAX	malware (ai score=82)
VBA32	BScope.TrojanRansom.Encoder
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Filecoder.NPA
TrendMicro-HouseCall	Ransom.Win32.LOCKCRYPT.SM
Rising	Trojan.Filecoder!8.68 (CLOUD)
Yandex	Trojan.GenAsa!7tQJNCHkC14
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Filecoder.NPA!tr.ransom
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Trojan.Malware.425.susgen

How to remove Win32/Filecoder.NPA?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Win32/Filecoder.NPA”?