nstrue.exe - Dangerous
nstrue.exe
Manual removal instructions:
Antivirus Report of nstrue.exe:
nstrue.exe
W32.Randex.Z is a network-aware worm that attempts to connect to a predetermined IRC server to receive instructions from its author.
Allows unauthorized execution of remote commands:
- ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these computers.
- cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.
Copies itself as the file, %System%\nstrue.exe.
Calculates a random IP address for a computer that it will try to infect.
Copies itself to shares that have weak passwords, as:
\\\C$\WINNT\SYSTEM32\mqfncv.exe
Schedules a Network Job to run the worm.
Adds the value:
"Pofatch"="nstrue.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
that's why the worm runs when you start Windows.
Use RegRun Startup Optimizer to remove it from startup.
| nstrue.exe | Malware |
| nstrue.exe | Dangerous |
| nstrue.exe | High Risk |
Allows unauthorized execution of remote commands:
- ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these computers.
- cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.
Copies itself as the file, %System%\nstrue.exe.
Calculates a random IP address for a computer that it will try to infect.
Copies itself to shares that have weak passwords, as:
\\
Schedules a Network Job to run the worm.
Adds the value:
"Pofatch"="nstrue.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
that's why the worm runs when you start Windows.
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.