TrendMicro: WORM_NOPIR.B

Discussion in 'malware problems & news' started by Randy_Bell, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    WORM_NOPIR.B is a non-destructive, memory-resident worm that propagates via peer-to-peer networks. It searches for availabe peer-to-peer applications and then sends copies of itself to all available or online users. This worm is spreading in-the-wild and infecting computers running Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this memory-resident worm creates the folder %Program Files%\Restore. It then drops a copy of itself in this folder as VXST.EXE. It also drops a copy of itself as %Program Files%\Projects Visual Studio.NET\Nctrup.exe, and searches for and deletes files with the extensions .com and .mp3.

    This worm also creates several registry entries that perform the following:

    * Ensure its automoatic execution at every Windows startup
    * Disable registry tools
    * Prevents the user from accessing the Control Panel to edit the registry

    This worm does not check for memory-residency, so multiple instances of it may run on a computer system.

    If you would like to scan your computer for WORM_NOPIR.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:

    WORM_NOPIR.B is detected and cleaned by Trend Micro pattern file #2.591.03 and above.
Thread Status:
Not open for further replies.