Rootkit

Should I remove “Win32/Rootkit.Agent.NVE”?

Win32/Rootkit.Agent.NVE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Rootkit.Agent.NVE virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Rootkit.Agent.NVE?

File Info:

name: 37F909CB181BDE735C00.mlw
path: /opt/CAPEv2/storage/binaries/56e26954cd799dde7e8f195b26c6f32bc3a4509eca086c50ae5a99a1baadb0f1
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-01-18 18:16:11

Version Info:

0: [No Data]

Win32/Rootkit.Agent.NVE also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Multi.Generic.4!c
ClamAV: Win.Trojan.Rootkit-4120
FireEye: Generic.mg.37f909cb181bde73
Malwarebytes: FlyStudio.Trojan.MalPack.DDS
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: RootKit ( 004c6bb01 )
K7GW: RootKit ( 004c6bb01 )
Cybereason: malicious.b181bd
VirIT: Backdoor.Win32.Generic.CCSK
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Rootkit.Agent.NVE
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
Alibaba: Rootkit:Win32/FlyAgent.7f0c0b96
NANO-Antivirus: Trojan.Win32.HideProc.dbbva
ViRobot: Trojan.Win32.RT-Agent.4096.P
Avast: Win32:Evo-gen [Trj]
Rising: Rootkit.Agent!1.9941 (CLASSIC)
Baidu: Win32.Rootkit.HideProc.a
F-Secure: Trojan.TR/Rootkit.Gen
DrWeb: Trojan.PWS.Wsgame.28350
Zillya: Rootkit.HideProc.Win32.23
TrendMicro: TROJ_GEN.R002C0ODT23
McAfee-GW-Edition: BehavesLike.Win32.Infected.gh
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: Rootkit.HideProc.dl
Avira: TR/Rootkit.Gen
MAX: malware (ai score=99)
Xcitium: Malware@#3n2uqevqh5oly
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Google: Detected
AhnLab-V3: Trojan/Win32.HideProc.R52969
Acronis: suspicious
McAfee: Artemis!37F909CB181B
VBA32: Rootkit.HideProc
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0ODT23
Tencent: Trojan.Win32.AntiOpenProcess.a
Yandex: Trojan.GenAsa!eeilYv6N8SA
Ikarus: Rootkit.Win32.HideProc
Fortinet: W32/HideProc.AM!tr.rkit
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Rootkit.Agent.NVE?

Win32/Rootkit.Agent.NVE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.