W32/NGVCK

Type: Virus
SubType: Win32
Discovery Date: 05/01/2001
Length: 538-9,632 bytes
Minimum DAT: 4208 (06/19/2002)
Updated DAT: 5578 (04/08/2009)
Minimum Engine: 5.1.00
Description Added: 08/14/2003
Description Modified: 08/14/2003 6:42 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

This detection is heuristic in nature. It was designed to cover most of the creations of the NGVCK virus construction kit. This virus kit produces assembler sources that were used to compile many dozens of different viruses. Many of these sources were manually modified before compilation. At the time of writing, the W32/NGVCK detection covers about 50 different virus variants, and this number is constantly growing.

If you see a detection under that name and the scanner cannot clean the infected file, it is likely to be a new virus variant. Please submit it to AVERT for analysis.

Symptoms

This family infects PE files. The most obvious sign of infection is the scanner reporting the name "W32/NGVCK". The reported name can also be:

  • W32/NGVCK.dr
  • W32/NGVCK.a
  • W32/NGVCK.b
  • W32/NGVCK.c
  • W32/NGVCK.d
  • W32/NGVCK.intd
  • W32/NGVCK.dr.intd

Another sign is a sudden increase in the file size of many PE files, usually in the range of 2-6kb.

Mildly polymorphic and encrypted viruses would also be detected within this family.

Method of Infection

This virus family includes strains that use different infection techniques. The majority, however, are parasitic, repairable variants.

A good deal of W32/NGVCK variants cannot function properly and are detected as intended viruses (with the .intd suffix). Intended virus droppers are also common in this family; they are detected as W32/NGVCK.dr.intd (which means they do not drop any virus).

Only a few variants are overwriting (and thus infected files cannot be repaired, as their contents are largely lost).

Removal

All Users:
Use the specified engine and DAT files for detection and removal.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • W32/NGVCK.a
  • W32/NGVCK.b
  • W32/NGVCK.c
  • W32/NGVCK.d
  • W32/NGVCK.dr
  • W32/NGVCK.dr.intd
  • W32/NGVCK.intd
  • W32/NGVCK.ow
