Content
W32/Nuwar@MM!B0FE1D7B
- Type
- Virus
- SubType
- -
- Discovery Date
- 09/05/2008
- Length
- 83968
- Minimum DAT
- 5378 (09/05/2008)
- Updated DAT
- 5378 (09/05/2008)
- Minimum Engine
- 5.3.00
- Description Added
- 09/05/2008
- Description Modified
- 09/05/2008 4:38 PM (PT)
Tab Navigation
Characteristics
| File Property | Property Value |
|---|---|
| FileName | back.exe |
| McAfee Detection | W32/Nuwar@MM |
| Length | 83,968 bytes |
| CRC | B0FE1D7B |
| MD5 | 2A3014C67EAC20B41C4C8FF6E6536A64 |
| SHA1 | E7C832415F12383F5C0E04E25639C6BC5C610530 |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Zbot-ALS [Trj] |
| AVG (GriSoft) | i-worm/nuwar.w |
| BitDefender | Dropped:Trojan.Peed.JQV |
| Dr.Web | Trojan.Packed.607 |
| eSafe (Alladin) | Suspicious File [100] |
| Eset | a variant of Win32/Nuwar.DH |
| F-Prot | W32/Zhelatin.Q.gen!Eldorado |
| Kaspersky | Email-Worm.Win32.Zhelatin.agg |
| microsoft | backdoor:win32/nuwar.a |
| norman | W32/Tibs.gen227 |
| rising | Worm.Mail.Win32.Zhelatin.agg |
| Sophos | Troj/BdoorB-Fam |
| Symantec | Trojan.Peacomm |
| Trend Micro | TROJ_NUWAR.DDJ |
| V-Buster | Worm.DR.Zhelatin.Gen!Pac.13 |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Modifies memory of other processes | Critical |
| Enumerates running processes | Medium |
| Writes executable in the windows folder | Low |
| Creates registry keys and data values to persist on OS reboot | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\neos.exe | W32/Nuwar@MM |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
The following registry elements have been changed:
- neos = c:\windows\neos.exe
Symptoms
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Characteristics
Characteristics -
| File Property | Property Value |
|---|---|
| FileName | back.exe |
| McAfee Detection | W32/Nuwar@MM |
| Length | 83,968 bytes |
| CRC | B0FE1D7B |
| MD5 | 2A3014C67EAC20B41C4C8FF6E6536A64 |
| SHA1 | E7C832415F12383F5C0E04E25639C6BC5C610530 |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Zbot-ALS [Trj] |
| AVG (GriSoft) | i-worm/nuwar.w |
| BitDefender | Dropped:Trojan.Peed.JQV |
| Dr.Web | Trojan.Packed.607 |
| eSafe (Alladin) | Suspicious File [100] |
| Eset | a variant of Win32/Nuwar.DH |
| F-Prot | W32/Zhelatin.Q.gen!Eldorado |
| Kaspersky | Email-Worm.Win32.Zhelatin.agg |
| microsoft | backdoor:win32/nuwar.a |
| norman | W32/Tibs.gen227 |
| rising | Worm.Mail.Win32.Zhelatin.agg |
| Sophos | Troj/BdoorB-Fam |
| Symantec | Trojan.Peacomm |
| Trend Micro | TROJ_NUWAR.DDJ |
| V-Buster | Worm.DR.Zhelatin.Gen!Pac.13 |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Modifies memory of other processes | Critical |
| Enumerates running processes | Medium |
| Writes executable in the windows folder | Low |
| Creates registry keys and data values to persist on OS reboot | Informational |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\neos.exe | W32/Nuwar@MM |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
The following registry elements have been changed:
- neos = c:\windows\neos.exe
Symptoms
Symptoms -
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Method of Infection -
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
