How to remove “Win32/Patched.NKO”?

Win32/Patched.NKO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Patched.NKO virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Binary file triggered YARA rule
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Patched.NKO?


File Info:

name: B8278FBCA2C7F3F8EB3F.mlw
path: /opt/CAPEv2/storage/binaries/a9e4a49518d60a33b5744e32d55405570f112386f1a25fcb1e22d56f756d6bd2
crc32: 574C39E3
md5: b8278fbca2c7f3f8eb3fe906a753bd54
sha1: 3cb6831f415226b7c411919f950586ad5ff45691
sha256: a9e4a49518d60a33b5744e32d55405570f112386f1a25fcb1e22d56f756d6bd2
sha512: df1d333d42836872c992b1b88ee1db8b2cfaab1323454d989a65b2f7f8a066eee06266ed53094f330a01710f98500642ac17e9900c5be8dfbb56a7314f9e96ac
ssdeep: 98304:cFkOEzAIVAGB5aJtLMY6NF54zJ6mETj5g7ueBx5+h2dYLUbS+dSDI177gAoG4:Xz7AS5Y+r5EJKj5g7ue6o6lm77p+
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T133869F21C646A61AF8E704B18A7E526EA01CBB70073855C3E3CC6D5F56FE6D36E31A13
sha3_384: f2a1a234ed8c948d74884fd932cdfb331fc839e39748225f90bd9fb8727bc7f5d9375c14d249c0a79dd327f294663ede
ep_bytes: 558bec837d0c017505e815000000ff75
timestamp: 2021-02-24 21:22:49

Version Info:

Applicability: Accessibility, Reflow, eBooks, and Document Repurposing
Comments: This plug-in creates a Tagged (structured) PDF
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat Make Accessible Plug-in
FileVersion: 21.1.20142.424128
LegalCopyright: Copyright 1984-2021 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks: Adobe, Acrobat and the Acrobat logo are trademarks of Adobe Systems Incorporated which may be registered in certain jurisdictions.
OriginalFilename: MakeAccessible.api
ProductName: Adobe Acrobat Make Acccessible
ProductVersion: 21.1.20142.424128
Translation: 0x0409 0x04e4

Win32/Patched.NKO also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Patched-AWW [Trj]
Elastic: malicious (high confidence)
DrWeb: Win32.Beetle.3
MicroWorld-eScan: Gen:Variant.Lazy.386952
Skyhigh: BehavesLike.Win32.Generic.wc
VIPRE: Gen:Variant.Lazy.386952
K7GW: Trojan ( 005ab4bf1 )
K7AntiVirus: Trojan ( 005ab4bf1 )
ESET-NOD32: a variant of Win32/Patched.NKO
Cynet: Malicious (score: 100)
Avast: Win32:Patched-AWW [Trj]
ClamAV: Win.Ransomware.Lazy-10007928-0
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Lazy.386952
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Rising: Trojan.Generic@AI.100 (RDML:/0pGyH2RbT3cZLvzza8Zfw)
Emsisoft: Gen:Variant.Lazy.386952 (B)
F-Secure: Trojan.TR/Patched.Gen
Zillya: Trojan.Generic.Win32.1821834
FireEye: Generic.mg.b8278fbca2c7f3f8
Sophos: W32/Patched-CD
SentinelOne: Static AI – Suspicious PE
Varist: W32/Patched.GQ1.gen!Eldorado
Avira: TR/Patched.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Win32.Patched
Microsoft: Trojan:Win32/Doina!pz
Arcabit: Trojan.Lazy.D5E788
ZoneAlarm: Virus.Win32.Senoval.a
GData: Gen:Variant.Lazy.386952
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R605109
ALYac: Gen:Variant.Lazy.386952
Panda: Trj/Genetic.gen
Tencent: Trojan.Win32.Pathced_ya.16001052
Ikarus: Trojan.Win32.Patched
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Patched.IP!tr

How to remove Win32/Patched.NKO?

Win32/Patched.NKO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
