ntsvc.exe

Navigation

Navigation network co.,limited

The application ntsvc.exe, “Net Service Event Handler” by Navigation network co.,limited, has been detected as adware by 5 anti-malware scanners. It runs as a Windows service named “Net Service Event Handler”, in its own separate process. This file is typically installed with the program searchult by Navigation. While running, it connects to the Internet address anubisnetworks.com on port 80 using the HTTP protocol.
Publisher:
Navigation Co., Ltd.  (signed by Navigation network co.,limited)

Product:
Navigation

Description:
Net Service Event Handler

Version:
2.0.1.7353

MD5:
5fe6634f39458f80228c0f35d6e92eb2

SHA-1:
99556c0b8869127a869736c779a9fa617f4732bd

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
1/12/2025 4:46:12 PM UTC

Scan engine              Detection                                 Engine version
ESET NOD32               Win32/Adware.Navegaki (variant)           9.11030
IKARUS anti.virus        PUA.Navegaki                              t3scan.1.6.1.0
Reason Heuristics        PUP.Service.Navigationnetworkcolimited    15.2.20.11
Rising Antivirus         PE:Worm.Rebhip!1.64F0                     23.00.65.15218
Trend Micro House Call   Cryp_Xin1                                 7.2.51

File size:
393.9 KB (403,320 bytes)

Product version:
2.0.1.7353

Copyright:
Navigation Copyright (C) 2013

Original file name:
ntsvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Documents and Settings\{user}\Application data\ntsvc\ntsvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/18/2014 9:00:00 PM

Valid to:
2/19/2016 8:59:59 PM

Subject:
CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata
Compilation timestamp:
2/17/2015 12:10:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:icg7jpQq5NxDhGThmR6hQj2M7vSciNK1rbWMdIMxKoUAF72:it7jpQqBhG4R6hQLvFiw1bWMvooxF72

Entry address:
0x2D7D8

Entry point:
E8, E7, DA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 3D, 40, F2, 45, 00, 00, 75, 75, 8B, 55, 08, 85, D2, 75, 17, E8, 44, 2B, 00, 00, C7, 00, 16, 00, 00, 00, E8, 82, 69, 00, 00, B8, FF, FF, FF, 7F, 5D, C3, 8B, 4D, 0C, 85, C9, 74, E2, 53, 56, 57, 6A, 41, 5F, 6A, 5A, 2B, D1, 5B, 0F, B7, 04, 0A, 66, 3B, C7, 72, 0D, 66, 3B, C3, 77, 08, 83, C0, 20, 0F, B7, F0, EB, 02, 8B, F0, 0F, B7, 01, 66, 3B, C7, 72, 0B, 66, 3B, C3, 77, 06, 83, C0, 20, 0F, B7, C0, 83, C1, 02, 66, 85, F6, 74, 05, 66, 3B, F0, 74, C8, 0F, B7...

Code size:
294 KB (301,056 bytes)

Service
Display name:
Net Service Event Handler

Service name:
Sed

Description:
Network service event handler for system.

Type:
Win32OwnProcess

Group:
Event log


The file ntsvc.exe has been discovered within the following program.

searchult  by Navigation
About 9% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.20:80)

TCP (HTTP):
Connects to ec2-52-91-52-229.compute-1.amazonaws.com  (52.91.52.229:80)

TCP (HTTP):
Connects to ec2-52-201-213-112.compute-1.amazonaws.com  (52.201.213.112:80)

TCP (HTTP):
Connects to anubisnetworks.com  (195.22.26.248:80)

TCP (HTTP):
Connects to ip-50-63-202-46.ip.secureserver.net  (50.63.202.46:80)

TCP (HTTP):
Connects to ec2-54-173-105-0.compute-1.amazonaws.com  (54.173.105.0:80)
