Home Malware Programs Malware HeurEngine.Packed-NsAnti

HeurEngine.Packed-NsAnti

Posted: May 5, 2010

HeurEngine.Packed-NsAnti is malicious malware which infects computer files with encryption or compression codes to operate undetected. Files tagged by HeurEngine.Packed-NsAnti are labeled suspicious but not necessarily malicious. Remove HeurEngine.Packed-NsAnti from the system as it may cause damage and invade your privacy for malicious purposes.

Aliases

Worm.Win32.AutoRun.ltt (Kaspersky Lab)
PWS-Gamania.gen.a (McAfee)
TSPY_LINEAGE.BUD (Trend Micro)
Mal/EncPk-EG
Mal/Frethog-B
Mal/EncPk-EK (Sophos)
Worm:Win32/Taterf.B (Microsoft)
Worm.Win32.AutoRun (Ikarus)
Dropper/Malware.92661 (AhnLab)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\ckvo.exe
    2 %System%\ckvo0.dll
    3 %System%\ckvo1.dll
    4 c:\autorun.inf
    5 c:\mnl6on3.com

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
Loading...