Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Threat report

How to remove “Win32/Patched.NKO”?

Published Apr 27, 2024 Crack category 3 min read
Report context

What to verify before removal

This report on Win32/Patched.NKO remains in the active library because the detection has enough technical context to support a careful second-opinion scan and cleanup decision.

Start by comparing the local file name with B8278FBCA2C7F3F8EB3F.mlw, then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
B8278FBCA2C7F3F8EB3F.mlw
  • Compare the suspicious file name with B8278FBCA2C7F3F8EB3F.mlw.
  • Confirm the detection name matches Win32/Patched.NKO before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

Win32/Patched.NKO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Win32/Patched.NKO virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Binary file triggered YARA rule
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Patched.NKO?


File Info:

name: B8278FBCA2C7F3F8EB3F.mlw
path: /opt/CAPEv2/storage/binaries/a9e4a49518d60a33b5744e32d55405570f112386f1a25fcb1e22d56f756d6bd2
crc32: 574C39E3
md5: b8278fbca2c7f3f8eb3fe906a753bd54
sha1: 3cb6831f415226b7c411919f950586ad5ff45691
sha256: a9e4a49518d60a33b5744e32d55405570f112386f1a25fcb1e22d56f756d6bd2
sha512: df1d333d42836872c992b1b88ee1db8b2cfaab1323454d989a65b2f7f8a066eee06266ed53094f330a01710f98500642ac17e9900c5be8dfbb56a7314f9e96ac
ssdeep: 98304:cFkOEzAIVAGB5aJtLMY6NF54zJ6mETj5g7ueBx5+h2dYLUbS+dSDI177gAoG4:Xz7AS5Y+r5EJKj5g7ue6o6lm77p+
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T133869F21C646A61AF8E704B18A7E526EA01CBB70073855C3E3CC6D5F56FE6D36E31A13
sha3_384: f2a1a234ed8c948d74884fd932cdfb331fc839e39748225f90bd9fb8727bc7f5d9375c14d249c0a79dd327f294663ede
ep_bytes: 558bec837d0c017505e815000000ff75
timestamp: 2021-02-24 21:22:49

Version Info:

Applicability: Accessibility, Reflow, eBooks, and Document Repurposing
Comments: This plug-in creates a Tagged (structured) PDF
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat Make Accessible Plug-in
FileVersion: 21.1.20142.424128
LegalCopyright: Copyright 1984-2021 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks: Adobe, Acrobat and the Acrobat logo are trademarks of Adobe Systems Incorporated which may be registered in certain jurisdictions.
OriginalFilename: MakeAccessible.api
ProductName: Adobe Acrobat Make Acccessible
ProductVersion: 21.1.20142.424128
Translation: 0x0409 0x04e4

Win32/Patched.NKO also known as:

Bkav W32.AIDetectMalware
AVG Win32:Patched-AWW [Trj]
Elastic malicious (high confidence)
DrWeb Win32.Beetle.3
MicroWorld-eScan Gen:Variant.Lazy.386952
Skyhigh BehavesLike.Win32.Generic.wc
VIPRE Gen:Variant.Lazy.386952
K7GW Trojan ( 005ab4bf1 )
K7AntiVirus Trojan ( 005ab4bf1 )
ESET-NOD32 a variant of Win32/Patched.NKO
Cynet Malicious (score: 100)
Avast Win32:Patched-AWW [Trj]
ClamAV Win.Ransomware.Lazy-10007928-0
Kaspersky Virus.Win32.Senoval.a
BitDefender Gen:Variant.Lazy.386952
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
Rising Trojan.Generic@AI.100 (RDML:/0pGyH2RbT3cZLvzza8Zfw)
Emsisoft Gen:Variant.Lazy.386952 (B)
F-Secure Trojan.TR/Patched.Gen
Zillya Trojan.Generic.Win32.1821834
FireEye Generic.mg.b8278fbca2c7f3f8
Sophos W32/Patched-CD
SentinelOne Static AI – Suspicious PE
Varist W32/Patched.GQ1.gen!Eldorado
Avira TR/Patched.Gen
MAX malware (ai score=81)
Antiy-AVL Trojan/Win32.Patched
Microsoft Trojan:Win32/Doina!pz
Arcabit Trojan.Lazy.D5E788
ZoneAlarm Virus.Win32.Senoval.a
GData Gen:Variant.Lazy.386952
Google Detected
AhnLab-V3 Trojan/Win.Generic.R605109
ALYac Gen:Variant.Lazy.386952
Panda Trj/Genetic.gen
Tencent Trojan.Win32.Pathced_ya.16001052
Ikarus Trojan.Win32.Patched
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Patched.IP!tr

How to remove Win32/Patched.NKO?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.