Win32/Packed.NoobyProtect.D suspicious removal guide

The Win32/Packed.NoobyProtect.D suspicious is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.NoobyProtect.D suspicious virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Attempts to modify proxy settings
Creates a copy of itself
Generates some ICMP traffic
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

zzzzzz.me

cflt.qwq.ink

nodecache.zzzzzz.me

hm.baidu.com

ocsp.globalsign.com

ocsp2.globalsign.com

a.tomx.xyz

redirector.gvt1.com

r4—sn-4g5e6nzz.gvt1.com

How to determine Win32/Packed.NoobyProtect.D suspicious?


File Info:
crc32: 643FAFA5
md5: aa79f06d4c4dd05120bbdb7933d26caa
name: 93b81573826801.exe
sha1: 6352e2933588524343a97a06787b023d20d2ddfe
sha256: 6f94f3bfed26386223a20644049ef7905624153cb6e700ca47cf6babcbc438dc
sha512: 35cf3c24cfaa57d14eb7d9920d0fd62d5c5a73985175c361ccf7efdbfc6a91f9f6f80744736c4e7abd975c9c73e8593fd406311424b0f4552e6f51d75f7c5e3b
ssdeep: 49152:OZrN+H7lwGLv0ctTko87HvgMTIvFabrCDBqULMCaILmrEp+8A:OZpE2GLTpBqHvygrCDBqrMLQE6
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x5cf0x54e5x535ax5ba2xff1ahttp://zzzzzz.me/
FileVersion: 2.7.19.1115
CompanyName: x5cf0x54e5x535ax5ba2
Comments: SSRx8fdex63a5x5de5x5177
ProductName: F_SSRx8fdex63a5x5de5x5177
ProductVersion: 2.7.19.1115
FileDescription: SSRx8fdex63a5x5de5x5177
Translation: 0x0804 0x04b0

Win32/Packed.NoobyProtect.D suspicious also known as:

Bkav	HW32.Packed.
FireEye	Generic.mg.aa79f06d4c4dd051
Qihoo-360	Win32/Trojan.3bf
McAfee	Packed-LF!AA79F06D4C4D
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 005239691 )
K7GW	Trojan ( 005239691 )
CrowdStrike	win/malicious_confidence_100% (W)
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Noobyprotect-6622929-0
GData	Win32.Riskware.NoobyProtect.B
Kaspersky	HEUR:Packed.Win32.Blackv.gen
Alibaba	Packed:Win32/NoobyProtect.00d9dcfc
NANO-Antivirus	Trojan.Win32.Blackv.gjgviv
Rising	Trojan.Wacatac!8.10C01 (CLOUD)
Endgame	malicious (high confidence)
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
Zillya	Trojan.Blackv.Win32.8
McAfee-GW-Edition	BehavesLike.Win32.MoonLight.vc
Trapmine	malicious.moderate.ml.score
SentinelOne	DFI – Malicious PE
Cyren	W32/Trojan.NCZD-1162
Jiangmin	Packed.Blackv.hbr
Antiy-AVL	Trojan[Packed]/Win32.Blackv
ZoneAlarm	HEUR:Packed.Win32.Blackv.gen
Microsoft	Trojan:Win32/Occamy.AA
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.D suspicious
Tencent	Win32.Packed.Blackv.Lnxx
Ikarus	PUA.NoobyProtect
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Injector.FKM!tr
BitDefenderTheta	Gen:NN.ZexaF.34110.Nw1@aS@dEQcb
AVG	Win32:Malware-gen
Cybereason	malicious.335885
Paloalto	generic.ml
MaxSecure	Trojan.Malware.12205601.susgen

How to remove Win32/Packed.NoobyProtect.D suspicious?

Win32/Packed.NoobyProtect.D suspicious removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Packed.NoobyProtect.D suspicious removal guide