nvcpl.exe - Dangerous

%sysdir%\nvcpl.exe

Manual removal instructions:

Antivirus Report of %sysdir%\nvcpl.exe:
%sysdir%\nvcpl.exe Malware
%sysdir%\nvcpl.exeDangerous
%sysdir%\nvcpl.exeHigh Risk
%sysdir%\nvcpl.exe
Worm W32.Yanz.B@mm
It is a mass-mailing worm that uses its own SMTP engine for spreading.
1. Adds to Windows startup.
It masks to NVIDIA control panel application NvCpl.exe.
2. Creates the files
%System%\Dong_Shi.exe
%System%\NvCpl.EXE
C:\Yanzi.htm
%Windir%\Sun_YanZI.zip (a zip file that contains a file Sun_Yan_Zi-Shen_Q1.mp3.pif - it is a copy of the worm)
%System%\Huai_Tian_Q1.sys ( an MIME-encoded zip file that contains a file Sun_Yan_Zi-Shen_Q1.mp3.pif - it is a copy of the worm)
%System%\I_am_Sun_Yanzi.sys. (an MIME-encoded worm)
YanZi.vbs. (this file is created in the current folder and it creates the file sun.exe)
When the file sun.exe runs, it creates three .jpg files under %Temp% folder. The file names have "SuN" as prefix.
One of these files is a Trojan that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028) to download and execute a file named m00.exe, from the domain sunyanzi.fastmail.cn. This file is also a Trojan.

Remove nvcpl.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.