W32.Nokpuda@mm
W32.Nokpuda@mm is a mass-mailing worm that collects email addresses from the affected computer. W32.Nokpuda@mm tries to propagate and copy itself across the infected computer without your knowledge. Once there is a file-sharing network or the network share is not protected, W32.Nokpuda@mm will take advantage of these situations and corrupt the remote computers. W32.Nokpuda@mm can steal confidential data and enable a remote hacker obtain control of the computer using a backdoor port. W32.Nokpuda@mm should be removed from a compromised PC system upon detection.
File System Details
W32.Nokpuda@mm may create the following file(s):
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %Windir%\wscntfy.exe | |
2. | %Windir%\Help\Temp.exe |
Registry Details
W32.Nokpuda@mm may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SystemRegistryRepair" = "%Windir%\Help\temp.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"DesktopSecurityGuard" = "%Windir%\wscntfy.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"ModRiskFileTypes" = ".doc;.pdf;.xls;.exe;.kno"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ActiveErrorLog\"StubPath" = "%Windir%\Help\temp.exe Restart"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe;.chm;.kno"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Windir%\wscntfy.exe" = "%Windir%\wscntfy.exe:*:Enabled:Windows Time Sync"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%CurrentFolder%\[ORIGINALLY EXECUTED FILE]" = "%CurrentFolder%\[ORIGINALLY EXECUTED FILE]:*:Enabled:Windows Time Sync"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.