Worm

Win32.Worm.Viking.NCO (B) removal

Malware Removal

The Win32.Worm.Viking.NCO (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32.Worm.Viking.NCO (B) virus can do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • The sample wrote data to the system hosts file.
  • Uses suspicious command line tools or Windows utilities

How to determine Win32.Worm.Viking.NCO (B)?



File Info:

name: 87ECBF8F2B5F97655657.mlw
path: /opt/CAPEv2/storage/binaries/3b8c827dcd0add58b4300ea86448a47d6ce9cb177921c8ea022bf65540e87480
crc32: 7CEE29B7
md5: 87ecbf8f2b5f97655657917deae6ff8f
sha1: 59e64d4124756ff8cc9fd79b1ed288feff427a21
sha256: 3b8c827dcd0add58b4300ea86448a47d6ce9cb177921c8ea022bf65540e87480
sha512: f36c1650c8770a463debb243e2181a86447f3f0a1f4be044ffb477bb088a280d35a394dd425eee766e096a012c215cc0b003b2e52ff0ddf1c42ea273dbbf7e4b
ssdeep: 49152:p/KCGZd0qgNEf16lhulJLirHJIZ/K0tDAy49uO7G6XSq4vFWVRxYOKKJY+lpSt3B:iWQtZ/K0tGOFWVRuLftCT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E6264A03F2ED52A9E0AAD178DF39A2219F727C598BF165DF214032D41E76AD07B38721
sha3_384: 8b41d62e2367c1db7516a01fcb5c4e588cd52f5b78998bdaf63a22fb0baabbe9abb9bf2e1eab18a31e58f8db467bb1f0
ep_bytes: 558bec83c4f0b89c0b4100eb95000000
timestamp: 1992-06-19 22:22:17


Version Info:

CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: 
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 
ProductName: 
ProductVersion: 1.0.0.0
Comments: 
Translation: 0x0804 0x03a8

Win32.Worm.Viking.NCO (B) also known as:

BkavW32.LogOneG.Worm
LionicTrojan.Win32.Turkojan.lixn
Elasticmalicious (high confidence)
DrWebWin32.HLLW.Gavir.72
MicroWorld-eScanWin32.Worm.Viking.NCO
FireEyeGeneric.mg.87ecbf8f2b5f9765
CAT-QuickHealW32.Viking.DL6
SkyhighBehavesLike.Win32.HLLPPhilis.rh
McAfeeW32/HLLP.ao.gen
Cylanceunsafe
ZillyaWorm.Viking.Win32.43
SangforVirus.Win32.Viking.a
AlibabaWorm:Win32/Viking.ac42
K7GWTrojan ( 005699081 )
K7AntiVirusTrojan ( 005699081 )
BitDefenderThetaGen:NN.ZelphiF.36804.@J3@amGvbKkj
VirITWorm.Win32.Delf.BWR
Paloaltogeneric.ml
SymantecW32.Looked.BK
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Viking.NBZ
APEXMalicious
TrendMicro-HouseCallTROJ_LOOKED.ACX
AvastWin32:Malware-gen
ClamAVWin.Trojan.Philis-85
KasperskyWorm.Win32.Viking.ls
BitDefenderWin32.Worm.Viking.NCO
NANO-AntivirusTrojan.Win32.Viking.cqqgdy
TencentVirus.Win32.Viking.h
EmsisoftWin32.Worm.Viking.NCO (B)
GoogleDetected
F-SecureWorm.WORM/Viking.DLL.1
BaiduWin32.Worm.Viking.a
VIPREWin32.Worm.Viking.NCO
TrendMicroTROJ_LOOKED.ACX
Trapminemalicious.high.ml.score
SophosMal/Lookdll-A
IkarusWorm.Win32.Looked.E.dam#2
JiangminWorm/Viking.qr
VaristW32/DelfInject.A.gen!Eldorado
AviraWORM/Viking.DLL.1
Antiy-AVLWorm/Win32.Viking.jo
KingsoftWorm.Viking.hw.356415
MicrosoftTrojan:Win32/DelfInject.ME!MTB
XcitiumTrojWare.Win32.Magania.~AEA@f80tu
ArcabitWin32.Worm.Viking.NCO
ViRobotWorm.Win32.Viking.Gen
ZoneAlarmWorm.Win32.Viking.ls
GDataWin32.Trojan.PSE1.77RLTE
CynetMalicious (score: 100)
AhnLab-V3Win32/Viking.Gen
Acronissuspicious
VBA32BScope.Trojan.Click
ALYacWin32.Worm.Viking.NCO
MalwarebytesGeneric.Malware.AI.DDS
PandaW32/Viking.VH
ZonerProbably Heur.ExeHeaderP
RisingWorm.Win32.Viking.jq (CLASSIC)
MAXmalware (ai score=85)
MaxSecureTrojan.Malware.471113.susgen
FortinetW32/Viking.fam!worm
AVGWin32:Malware-gen
DeepInstinctMALICIOUS
alibabacloudWorm:Win/Viking

How to remove Win32.Worm.Viking.NCO (B)?

Win32.Worm.Viking.NCO (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment