Win32/RA-based.NKL removal

Many security experts consider Win32/RA-based.NKL dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/RA-based.NKL virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs

How to identify Win32/RA-based.NKL?


File Info:

crc32: 4DEC26F0
md5: 7b3fad053f48326b3d69ce2ef83baf38
name: 7B3FAD053F48326B3D69CE2EF83BAF38.mlw
sha1: 304a1b55953b91822ee9b3eb4f8c6162eb39cf3e
sha256: 64e5b32569d9f0f8494b23e6ed44b0f5ab5fe96308751cf3c0b0bdbe82d88605
sha512: 0550fd571aed1a96a7925b4d3310bfb35132366cf48d072b6304a5337082c5d9b4c286e61a569c5152e9c1523894aad64a810aed6646cd1c86235bd42ddba9fb
ssdeep: 196608:ad/tGPPLAczgTTgvlHcQZyu2WyYGqGgujZ+FT+8LsOxtl:uULJcT0vlHtZyu2FLv5jtotl
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: Nintendo Limited, Inc.
Comments: This installation was built with Inno Setup.
ProductName: ZeldaWallet
ProductVersion: 1.0
FileDescription: ZeldaWallet Setup
OriginalFileName:
Translation: 0x0000 0x04b0

Win32/RA-based.NKL also known as:

Lionic: Riskware.Win32.NetSup.1!c
DrWeb: BackDoor.RMS.195
ALYac: Trojan.GenericKD.46746386
Cylance: Unsafe
BitDefender: Trojan.GenericKD.46746386
Cyren: W32/Trojan.XRAZ-9278
ESET-NOD32: Win32/RA-based.NKL
Kaspersky: not-a-virus:UDS:RemoteAdmin.Win32.NetSup.i
Alibaba: RiskWare:Win32/NetSup.b380fe74
NANO-Antivirus: Riskware.Win32.RemoteAdmin.hgpwck
MicroWorld-eScan: Trojan.GenericKD.46746386
Ad-Aware: Trojan.GenericKD.46746386
TrendMicro: TROJ_FRS.VSNTH521
McAfee-GW-Edition: Artemis
FireEye: Trojan.GenericKD.46746386
Emsisoft: Trojan.GenericKD.46746386 (B)
Webroot: W32.Trojan.Gen
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.NetSup.i
GData: Trojan.GenericKD.46746386
McAfee: Artemis!7B3FAD053F48
MAX: malware (ai score=82)
TrendMicro-HouseCall: TROJ_FRS.VSNTH521
Ikarus: Trojan.Win32.Wdfload
Fortinet: Riskware/NetSup
Qihoo-360: Win32/Trojan.Generic.HgIASRUA

How to remove Win32/RA-based.NKL?

Win32/RA-based.NKL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
