nstrue.exe - Dangerous

nstrue.exe

Manual removal instructions:

Antivirus Report of nstrue.exe:
nstrue.exe Malware
nstrue.exeDangerous
nstrue.exeHigh Risk
nstrue.exe
W32.Randex.Z is a network-aware worm that attempts to connect to a predetermined IRC server to receive instructions from its author.
Allows unauthorized execution of remote commands:
- ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these computers.
- cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.

Copies itself as the file, %System%\nstrue.exe.
Calculates a random IP address for a computer that it will try to infect.

Copies itself to shares that have weak passwords, as:
\\\C$\WINNT\SYSTEM32\mqfncv.exe
Schedules a Network Job to run the worm.

Adds the value:
"Pofatch"="nstrue.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
that's why the worm runs when you start Windows.

Use RegRun Startup Optimizer to remove it from startup.

Remove nstrue.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.