Win32/Virut.NKQ information

Win32/Virut.NKQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Virut.NKQ virus do?

  • Dynamic (imported) function loading detected
  • The PE file contains a PDB path
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Virut.NKQ?

File Info:

name: C13C6FD4F184E7B34A15.mlw
path: /opt/CAPEv2/storage/binaries/6796c50817e00b5deb6df7f7232d41d5e220ee2b9fa4c2ecd2a4e52f08c4afd9
crc32: EC5DAF38
md5: c13c6fd4f184e7b34a15854427d0c30e
sha1: ccd4b1557e1e663588427591fdc3a49b50d34311
sha256: 6796c50817e00b5deb6df7f7232d41d5e220ee2b9fa4c2ecd2a4e52f08c4afd9
sha512: bbf3e2227897114dad70783631d31ff2ecb5a1a11fd139c07a943fdc84ed0c824a20fdfb307e9f2b4e40fc99899e959ad592f34d6263ca02ccc82a259f6b2865
ssdeep: 3072:fd60h/D+ETJyWm0s+yd148kDuWQezL6lx:VgW13DuWQeK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15FC32B03BA88D8A6E4132270097763F96735FE344D16A61B3B50FA5F287D291DF7834A
sha3_384: 36e31d29547d69c7ac9667bc95e640005fb75d7274bb1e771c624349b38a4390f8f5ac62819668f0dbf815a1aa2e1529
ep_bytes: 558bec6aff6810674000688058400064
timestamp: 1996-10-20 17:22:40

Version Info:

Translation: 0x0409 0x04e4
Platform: Windows
CompanyName: Microsoft Corporation
FileDescription: SQL Server Replication Distribution Agent
FileVersion: 1998.11.13
InternalName: DISTRIB
LegalCopyright: Copyright © Microsoft Corp. 1988-1998
LegalTrademarks: Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename: DISTRIB.EXE
ProductName: Microsoft SQL Server
ProductVersion: 7.00.623
Comments: Windows

Win32/Virut.NKQ also known as:

Bkav: W32.AIDetect.malware1
FireEye: Generic.mg.c13c6fd4f184e7b3
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Virut.NKQ.gen
APEX: Malicious
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:WrongInf-B [Susp]
McAfee-GW-Edition: Artemis
Sophos: ML/PE-A
Avira: TR/Symmi.ahdyd
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!C13C6FD4F184
TrendMicro-HouseCall: TROJ_GEN.R067H0CL421
Rising: Malware.Heuristic!ET#82% (RDMK:cmRtazrU0M3mxD6WKf1khtV7q8IZ)
Yandex: Trojan.Symmi!hVfIlVofksg
Ikarus: Trojan.Patched
Fortinet: W32/Virut.NKQ
BitDefenderTheta: Gen:NN.ZexaF.34062.hu0@auMF9Xpi
AVG: Win32:WrongInf-B [Susp]
Cybereason: malicious.57e1e6

How to remove Win32/Virut.NKQ?

Win32/Virut.NKQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.