We checked some samples of NSAVFLT.SYS and detected the file NSAVFLT.SYS as threat.
Remove the NSAVFLT.SYS file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of NSAVFLT.SYS
Full path on a computer: %SysDir%\nsavflt.sys
Detected by UnHackMe:
NSAVFLT.SYS
Default location: %SysDir%\nsavflt.sys
Removal Results: Success
Number of reboot: 1
NSAVFLT.SYS is known as:
Trojan.AMN (A), TR.Rogue.9185194, a variant of Win32.Packed.VMProtect.AAN
NSAVFLT.SYS hash:
- MD5: 35db7dffb776c9bfdc13746169669b6b
How to quickly detect NSAVFLT.SYS presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\net8139\Type: 0×00000001
- HKLM\System\CurrentControlSet\Services\net8139\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\net8139\ErrorControl: 0×00000001
- HKLM\System\CurrentControlSet\Services\net8139\ImagePath: “\??\%SysDir%\nsavflt.sys”
- HKLM\System\CurrentControlSet\Services\net8139\DisplayName: “net8139″
Files:- %SysDir%\netware.eng
- %SysDir%\nsavflt.sys