Should I remove “Win32/Virut.NKN”?

Win32/Virut.NKN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Virut.NKN virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior

How to identify Win32/Virut.NKN?


File Info:

name: 0CBCC4B1B94A0A24CD6A.mlw
path: /opt/CAPEv2/storage/binaries/1aeeead0b508f0187dff6388edabe36064c49086214e24614f6af9bae10a56f3
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-11-12 16:01:25

Version Info:

CompanyName: Microsoft Corporation
FileDescription: COM Surrogate
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: dllhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: dllhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Win32/Virut.NKN also known as:

Bkav: W32.Vetor.PE
tehtris: Generic.Malware
MicroWorld-eScan: Win32.Virtob.Gen.12
FireEye: Generic.mg.0cbcc4b1b94a0a24
CAT-QuickHeal: W32.Virut.G
McAfee: W32/Virut.rem.K
Cylance: Unsafe
VIPRE: Win32.Virtob.Gen.12
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( f10002001 )
K7GW: Virus ( f10002001 )
Cybereason: malicious.1b94a0
BitDefenderTheta: AI:FileInfector.C9457D4313
Cyren: W32/Virut.E.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Virut.NKN
TrendMicro-HouseCall: PE_VIRUX.S-4
Kaspersky: Virus.Win32.Virut.ce
BitDefender: Win32.Virtob.Gen.12
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Cynet: Malicious (score: 100)
Avast: Win32:Vitro [Inf]
Tencent: Virus.Win32.Virut.Gen.200006
Ad-Aware: Win32.Virtob.Gen.12
TACHYON: Virus/W32.Virut.Gen
Sophos: Mal/Generic-R + W32/Scribble-B
Comodo: Virus.Win32.Virut.CE@5jedjj
Zillya: Virus.Virut.Win32.1939
TrendMicro: PE_VIRUX.S-4
McAfee-GW-Edition: BehavesLike.Win32.Virut.nc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
CMC: Virus.Win32.Virut.1!O
Emsisoft: Win32.Virtob.Gen.12 (B)
APEX: Malicious
GData: Win32.Virtob.Gen.12
Jiangmin: Win32/Virut.bt
Avira: W32/Virut.Gen
Antiy-AVL: Trojan/Generic.ASVirus.2F
Arcabit: Win32.Virtob.Gen.12
ViRobot: Win32.Virut.Gen.C
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Win32/Virut.F
Acronis: suspicious
VBA32: Malware-Cryptor.Trac
MAX: malware (ai score=89)
Malwarebytes: Malware.Heuristic.1001
Rising: Virus.Virut!1.A08B (CLASSIC)
Yandex: Win32.Virut.AB.Gen
Ikarus: Virus.Virut
MaxSecure: Virus.Virut.CE
Fortinet: W32/Virut.CE
AVG: Win32:Vitro [Inf]
Panda: W32/Sality.AO
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Virut.NKN?

Win32/Virut.NKN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.