« Trojan.Ffsearch
SystemCop »

Nortel Antivirus

No Comments
ZulaZuza By ZulaZuza in Rogue Anti-Spyware Program | 19 views
Rate it:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...
Translate To:     Español  |   Português

Nortel Antivirus Description

 
 
Image Screenshot
[+] Click Image to Enlarge
 
 

Nortel Antivirus is a rogue anti-spyware application that utilizes fraudulent scare tactics in order to intimidate users into purchasing the malicious software. Nortel Antivirus displays fictitious and sometimes grossly exaggerated infection results, along with false security scan results and fake security alerts, in order to trick users into purchasing and downloading this fake spyware remover.

Type: Rogue AntiSpyware Programs

How Can You Detect Nortel Antivirus?

 
 

Download SpyHunter’s Detection Scanner
to Detect Nortel Antivirus.

 
 

Nortel Antivirus Technical Report

As new Nortel Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Nortel Antivirus files with its MD5s were created in the system:

File Name File Size MD5
nslp.exe 829440 18f84c7531f3ee865ce0ccd6333e89df
Nortel[1].exe 1020076 747319118d1de9dff203f826b9181b7e
WPtect.dll 129024 8b380b271bc3f806f56e4f27748b49a1
nsrx.exe 833536 0864f154d2e8f4db0752ec4434ce2458
mrgdll.exe 90959 515531ac4cbf85b5e35cb3e26b3d7fbb
nsrx.exe 833536 25c4badacbf7053d4d0a522530028497

Nortel Antivirus has typically the following processes in memory:

  • C:\Documents and Settings\All Users\Application Data\nol\wox.exe
  • C:\ProgramData\nol\wox.exe
  • C:\ProgramData\nol\mrgdll.exe
  • %UserProfile%\Application Data\nol\mrgdll.exe

Nortel Antivirus created the following directories, files, paths:

  • %AllUsersProfile%\Start Menu\Programs\ Nortel

Nortel Antivirus creates the following registry entries:

  • HKEY_CURRENT_USER\Software\wox
  • wox\nslp\ACA3478F-0987-B7C6-87C5-487EF32438E0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\ProgramData\nol\mrgdll.exe”
  • GAV\GAV\A572C931-FFEA-4f70-B0D4-AC5432C425E0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\ProgramData\nol\wox.exe”
  • 60F9F4AF-E03D-4784-8D3A-95F5AFF5E9EA

Important Article Disclaimer

ESG Support Center

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Furl
  • StumbleUpon
  • Technorati
  • YahooMyWeb
This entry was posted on 09/2/09 and is filed under Rogue Anti-Spyware Program. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Comment

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Popular Malware

Track Malware Around the World

Recommended Products

Featured Videos

Poll

How much money have you spent trying to rid your PC of spyware?
View Results

Recent Articles

Top FAQs

Follow Us on Twitter

Archives

Home Sitemap RSS Feed Privacy Policy End User License Agreement Additional Terms and Conditions
Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.