About “Win32/Nevereg.A” infection

The Win32/Nevereg.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Nevereg.A virus can do?

Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Likely virus infection of existing system binary
Anomalous binary characteristics

How to determine Win32/Nevereg.A?


File Info:
name: AF2AB6FE624EF5D51250.mlw
path: /opt/CAPEv2/storage/binaries/e4cd2bc081addc1059dc57a03fc8bb9ac0954177faf028b4b7cd29fa2c6a106d
crc32: E3CF0E22
md5: af2ab6fe624ef5d51250636ea5aa5f69
sha1: 625c3e9753fca6dabe05c4c6df0d41bd85a2513b
sha256: e4cd2bc081addc1059dc57a03fc8bb9ac0954177faf028b4b7cd29fa2c6a106d
sha512: 0d1774bfce44a52256c2f5caef7b6681f772608b6aa961e3e66dc0aa2828af60bcb62ff73e1856ee22406e54db23d9e308d1ea508eb056d719e8c94ff69777a1
ssdeep: 768:9GvbqsQdX5BhGEnOsIzfJ4i4g5p0syi+hvN18K3H8T6++3Kd8VVrGaJat:4zqsQ5PIt4+/yfeB6rXVrGaQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12F336C97F2D3D93ED2210AFD5C068248E92FB6223D6628D17EF90F0C4A6F3845D2D599
sha3_384: f71290c1500939ac56c08ac931b2426b62ee29bdf10c0b49be35006a10ab37607dd1326abac2548a8ddef9f4c3a8de83
ep_bytes: 558bec83c4f0b8b0a54000e8c49effff
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Win32/Nevereg.A also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Win32.HLLW.Pluton.46080
MicroWorld-eScan	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A
CAT-QuickHeal	Trojan.GenericIH.S22398512
ALYac	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A
Cylance	Unsafe
Zillya	Worm.Nevereg.Win32.1
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.e624ef
BitDefenderTheta	AI:Packer.39B1114021
Cyren	W32/Nevereg.B.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Nevereg.A
TrendMicro-HouseCall	WORM_NEVEREG.A
Kaspersky	Email-Worm.Win32.Nevereg
BitDefender	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A
NANO-Antivirus	Trojan.Win32.Nevereg.enis
Avast	Win32:Malware-gen
Rising	Worm.Mail.Nevereg (CLASSIC)
Ad-Aware	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A
Sophos	ML/PE-A + W32/Nevereg-A
VIPRE	BehavesLike.Win32.Malware.tsc (mx-v)
TrendMicro	WORM_NEVEREG.A
McAfee-GW-Edition	BehavesLike.Win32.Eggnog.ph
FireEye	Generic.mg.af2ab6fe624ef5d5
Emsisoft	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A (B)
Ikarus	Email-Worm.Win32.Fearso
GData	Win32.Trojan.PSE.1DSGD0B
Jiangmin	Worm.Nevereg.a
Avira	WORM/Nevereg.A.1
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASMalwS.4C07C
Arcabit	DeepScan:Generic.Malware.PfV!hid!!p2p!u.5BD3485A
Microsoft	Worm:Win32/Nevereg.A@mm
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win.Generic.R449555
Acronis	suspicious
McAfee	GenericRXAA-AA!AF2AB6FE624E
VBA32	Worm.Nevereg
Malwarebytes	Malware.AI.1690996891
APEX	Malicious
Tencent	Trojan.Win32.BitCoinMiner.la
Yandex	I-Worm.Nevereg!G6bebm/WEdY
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Nevereg.A!worm
AVG	Win32:Malware-gen
Panda	Worm Generic.LC
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Win32/Nevereg.A?

Win32/Nevereg.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X