Backdoor:Win32/Nuwar.C is a backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, folders and processes.

Virus:Win32/Nuwar.A is a file modifying virus. This virus modifies device drivers on an infected system, specifically files named kbdclass.sys and tcpip.sys. The modified drivers load Nuwar into memory on system startup, and in some cases, the virus may block system file checker from displaying notifications of these system file modifications.

 

Related Malware

TrojanDownloader:Win32/Nuwar.A is a Trojan that downloads data from hard-coded remote Web sites. The downloaded information usually includes encrypted hyperlinks to malicious programs. TrojanDownloader:Win32/Nuwar.A connects to the specified URL, then downloads and executes the linked executables.

TrojanDropper:Win32/Nuwar.A is a Trojan that drops and installs Backdoor:Win32/Nuwar.A or Backdoor:Win32/Nuwar.B onto an infected computer.

 

Backdoor:Win32/Nuwar is a Backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.

 

Related Malware

TrojanDropper:Win32/Nuwar.gen!avkill is a Trojan that drops and installs Backdoor:Win32/Nuwar.C onto an infected computer.

 

Backdoor:Win32/Nuwar.C is a Backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.

 

Related Malware

TrojanDropper:Win32/Nuwar.gen!backdoor is a Trojan that drops and installs Backdoor:Win32/Nuwar.B onto an infected computer.

 

Backdoor:Win32/Nuwar.B is a Backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.

 

Related Malware

Spammer:Win32/Nuwar.D is a component of the Win32/Nuwar Trojan family, and is used to relay e-mails. E-mail messages are sent in various formats, commonly containing a hyperlink to a remote Web site hosting Win32/Nuwar Trojan files.

Spammer:Win32/Nuwar.E is a component of the Win32/Nuwar Trojan family, and is used to relay e-mails. E-mail messages are sent in various formats, commonly containing a hyperlink to a remote Web site hosting Win32/Nuwar Trojan files.

Backdoor:Win32/Nuwar!sys is the kernel mode driver component of Backdoor:Win32/Nuwar, a backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network.

Trojan:Win32/Conhook.B installs itself as a Browser Helper Object (BHO), and connects to the Internet without user consent. This Trojan may also terminate specific security services, and download additional malware to the computer.

TrojanDownloader:Win32/Zlob.gen!M is generic detection for a component of the greater Win32/Zlob family. Win32/Zlob refers a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

TrojanDownloader:Win32/Zlob.gen!T is generic detection for a component of the greater Win32/Zlob malware family. Win32/Zlob refers a large multi-component family of malware that modifies Internet Explorer's settings, alters and redirects the user's default Internet search page and home page, and attempts to download and execute arbitrary files (including additional malicious software). The Win32/Zlob family has also been associated with rogue security programs that display misleading warnings regarding bogus malware infections.

Adware:Win32/AdRotator delivers advertisements, and as the name suggests, "rotates" advertisements among sponsors. AdRotator contacts remote Web sites in order to deliver updated content. This application also displays fake error messages that encourage users to download and install additional applications.

Worm:Win32/Bagle.ZE@mm is a mass-mailing worm that attempts to download and run arbitrary files from remote Web sites. Worm:Win32/Bagle.ZE@mm collects e-mail addresses from the local drive and by checking remote Web sites referenced in the worm's code. The worm attempts to terminate the Windows Automatic Update service and modifies the registry in an attempt to disable booting into Safe Mode.

TrojanDownloader:Win32/VB.BE is a trojan that downloads and executes another trojan from a remote Web site. We have received reports that this trojan was distributed in the wild on MySpace with a malicious link referring to the Microsoft Malicious Software Removal Tool (MSRT).

TrojanDownloader:Win32/Renos.CB is a Trojan downloader component of TrojanDropper:Win32/Renos.B. It attempts to download possibly unwanted software that may be detected as Program:Win32/AntiVirGear.

Worm:Win32/Slenfbot.AE is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Slenfbot.AG is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

TrojanSpy:Win32/Delf.HF is a Trojan data stealer for "TianLongBaBu", a popular massive-multiplayer online role playing game (MMORPG).