high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | June 2005 (3.94) |
| Protection available since | 20 April 2005 21:21:09 (GMT) |
| Last updated | 8 May 2005 20:52:58 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please contact technical support.
More Information
W32/Nopir-B is a worm for the Windows platform.
W32/Nopir-B will display an anti-piracy image on the screen when run. The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.
W32/Nopir-B copies itself to <Program Files>\Projects Visual Studio.NET\Nctrup.exe, <Program Files>\Restore\<random name>.exe, <Program Files>\eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe. W32/Nopir-B is a worm for the Windows platform.
W32/Nopir-B will display an anti-piracy image on the screen when run, as seen here:
 |
| The image displayed by the Nopir-B worm. |
The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.
W32/Nopir-B copies itself to <Program Files>\Projects Visual Studio.NET\Nctrup.exe, <Program Files>\Restore\<random name>.exe, <Program Files>\eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe.
W32/Nopir-B will create the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Verif
<Program Files>\Restore\<random name>.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
securw
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\exefile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\batfile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\comfile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\scrfile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\piffile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\vbsfile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCR\vbefile\Shell\open\command
<Program Files>\Projects Visual Studio.NET\Nctrup.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoControlPanel
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
|
