Malware

Win32/Packed.Autoit.NBM suspicious removal instruction

Malware Removal

The Win32/Packed.Autoit.NBM suspicious is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Packed.Autoit.NBM suspicious virus can do?

  • Attempts to connect to a dead IP:Port (2 unique times)
  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

redirector.gvt1.com
r5—sn-4g5edne7.gvt1.com

How to determine Win32/Packed.Autoit.NBM suspicious?



File Info:

crc32: 6B71F565
md5: 36b8d0263d3797962bf2d42fee28b020
name: setup_c.exe
sha1: be4711a79963588a95a51fa926ef2cea929cdef5
sha256: 4761f1148ae81f0e0c7d6f532433ccefb72edacb21a7cfae5dcdece5a7acd161
sha512: 4fe3f80f43171670d34608d6aecb01fa803a96e4ee66132f2be63eb060d6a9dffdbaaeb527dd8808643ca4c288a9df0b728926e9b04561d85b1f4d7cc51d8a03
ssdeep: 49152:29aFKsiaqd/YM2AaifbMFvGm2jMVhUWsaFjsUzo8ZhZjuugVOoAfVy4kIntEa9kx:29Ts6lYM2AbGvN+aSaZbWVefVydItZ9I
type: MS-DOS executable, MZ for MS-DOS


Version Info:

InternalName: AtBroker.exe
FileVersion: 9.8.6.2
CompanyName: Stored User Names and Passwords
Comments: pmO4DtuALoXaghVKrWKOup4xDoTDf1cmPwY2zRBBEt1WxGLzsAgc78k96Ozf8UFUl26g
ProductVersion: 9.8.6.2
FileDescription: GDIEXT Client DLL
OriginalFilename: AtBroker.exe
Translation: 0x0809 0x04b0

Win32/Packed.Autoit.NBM suspicious also known as:

McAfeeGenericRXJL-IX!36B8D0263D37
MalwarebytesTrojan.Qulab
SangforMalware
Invinceaheuristic
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Packed.Autoit.NBM suspicious
AlibabaPacked:Win32/Autoit.748007e9
APEXMalicious
RisingMalware.Heuristic!ET#98% (RDMK:cmRtazpn6M/oVzqfazOhMX53RrEE)
Endgamemalicious (high confidence)
McAfee-GW-EditionGenericRXJL-IX!36B8D0263D37
Trapminemalicious.high.ml.score
CMCVirus.Win32.Sality!O
JiangminRiskTool.Miner.fl
eGambitUnsafe.AI_Score_99%
MicrosoftTrojan:Win32/Wacatac.C!ml
Acronissuspicious
CylanceUnsafe
IkarusTrojan.Win32.Autoit
FortinetAutoIt/Packed.KY!tr
Paloaltogeneric.ml

How to remove Win32/Packed.Autoit.NBM suspicious?

Win32/Packed.Autoit.NBM suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment