Nortel Antivirus Description

[+] Click Image to Enlarge

• 
• 
• 
• 
• 
• 
• 
• 

Nortel Antivirus is a rogue anti-spyware application that utilizes fraudulent scare tactics in order to intimidate users into purchasing the malicious software. Nortel Antivirus displays fictitious and sometimes grossly exaggerated infection results, along with false security scan results and fake security alerts, in order to trick users into purchasing and downloading this fake spyware remover.

Type: Rogue AntiSpyware Programs

How Can You Detect Nortel Antivirus?

Nortel Antivirus Technical Report

As new Nortel Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following Nortel Antivirus files with its MD5s were created in the system:

Nortel Antivirus Removal Details

Nortel Antivirus has typically the following processes in memory:

• C:\Documents and Settings\All Users\Application Data\nol\wox.exe
• C:\ProgramData\nol\wox.exe
• C:\ProgramData\nol\mrgdll.exe
• %UserProfile%\Application Data\nol\mrgdll.exe

Nortel Antivirus creates the following files in the system:

• Nortel .lnk

Nortel Antivirus created the following directories, files, paths:

• %AllUsersProfile%\Start Menu\Programs\ Nortel

Nortel Antivirus creates the following registry entries:

• HKEY_CURRENT_USER\Software\wox
• wox\nslp\ACA3478F-0987-B7C6-87C5-487EF32438E0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\ProgramData\nol\mrgdll.exe”
• GAV\GAV\A572C931-FFEA-4f70-B0D4-AC5432C425E0
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NAME]” = “C:\ProgramData\nol\wox.exe”
• 60F9F4AF-E03D-4784-8D3A-95F5AFF5E9EA

Important Article Disclaimer