How to remove “Win32/Virut.NEY”?

The Win32/Virut.NEY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Virut.NEY virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/Virut.NEY?


File Info:
name: 490757D49968F8192556.mlw
path: /opt/CAPEv2/storage/binaries/bfe5b2a620c85d83ef29c080e43f38489a761ec41417da90722e0fd1cc14c911
crc32: 3CAF1C5B
md5: 490757d49968f81925565d7f2e283c09
sha1: 533962e92e57f52de6ec99dc651d687ccd84911b
sha256: bfe5b2a620c85d83ef29c080e43f38489a761ec41417da90722e0fd1cc14c911
sha512: 8d1ccd89823f4504769025c742f371bcb0d8a5e7d1e26ff326610c2ae32c8c754d28e820fba7f887f1b762af9b4278624610499fcd004e43bc66a1196c0314d0
ssdeep: 1536:vkq6X6S6RdTWMpFIMusEzMZwnwFRBbwCKSE8aWvI/Za2cc:vla6S6RMMfosEzMZEmJzaWmZv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187B35A0063E4553AF1F2667859BD56715A3EFC513739E68F1240C28E8A26FC0AF3936B
sha3_384: 0688b7b8198c3e9a3c1f5a0cfab0428ce4db92a9925de45e152cadfb3863f5cb17c74c6d4b2e1d1e3fe6221e0749d643
ep_bytes: 6a6068001e0001e874180000bf940000
timestamp: 2004-08-04 05:59:22

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Internet Connection Wizard
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: ICWCONN2
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ICWCONN2.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Win32/Virut.NEY also known as:

Bkav	W32.Vetor.PE
Lionic	Virus.Win32.Virut.n!c
tehtris	Generic.Malware
FireEye	Generic.mg.490757d49968f819
CAT-QuickHeal	W32.Virut.G
Skyhigh	BehavesLike.Win32.Generic.ch
McAfee	Artemis!490757D49968
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( f10002001 )
Alibaba	Virus:Win32/Virut.2ddced9f
K7GW	Virus ( f10002001 )
CrowdStrike	win/malicious_confidence_100% (D)
VirIT	Win32.Scribble.Q
Symantec	W32.Virut.CF
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Virut.NEY
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Virus.Win32.Virut.ce
NANO-Antivirus	Virus.Win32.Virut.hpeg
Avast	Win32:Virtu-I [Inf]
Rising	Virus.Virut!1.A08B (CLASSIC)
Sophos	W32/Scribble-B
F-Secure	Trojan.TR/Patched.Ren.Gen
Trapmine	malicious.high.ml.score
SentinelOne	Static AI – Malicious PE
Jiangmin	Win32/Virut.bt
Varist	W32/Virut.CE.gen!Eldorado
Avira	TR/Patched.Ren.Gen
Antiy-AVL	Virus/Win32.Virut.ce
Kingsoft	malware.kb.a.998
Microsoft	Virus:Win32/Virut.BN
Xcitium	Virus.Win32.Virut.CE@5jedjj
ZoneAlarm	Virus.Win32.Virut.ce
Google	Detected
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.36802.hq0@aSzCYpni
VBA32	Virus.Virut.02
Cylance	unsafe
Panda	W32/Sality.AO
Tencent	Virus.Win32.Virut.CE.200087
Ikarus	Virus.Win32.Virut
MaxSecure	Virus.Virut.CE
Fortinet	W32/Virut.NEY
AVG	Win32:Virtu-I [Inf]
DeepInstinct	MALICIOUS

How to remove Win32/Virut.NEY?

Win32/Virut.NEY removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X