TrendMicro: WORM_NOPIR.B

Discussion in 'malware problems & news' started by Randy_Bell, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    WORM_NOPIR.B is a non-destructive, memory-resident worm that propagates via peer-to-peer networks. It searches for availabe peer-to-peer applications and then sends copies of itself to all available or online users. This worm is spreading in-the-wild and infecting computers running Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this memory-resident worm creates the folder %Program Files%\Restore. It then drops a copy of itself in this folder as VXST.EXE. It also drops a copy of itself as %Program Files%\Projects Visual Studio.NET\Nctrup.exe, and searches for and deletes files with the extensions .com and .mp3.

    This worm also creates several registry entries that perform the following:

    * Ensure its automoatic execution at every Windows startup
    * Disable registry tools
    * Prevents the user from accessing the Control Panel to edit the registry

    This worm does not check for memory-residency, so multiple instances of it may run on a computer system.

    If you would like to scan your computer for WORM_NOPIR.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:

    WORM_NOPIR.B is detected and cleaned by Trend Micro pattern file #2.591.03 and above.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.