W32/Trojan2.NOXC
W32/Trojan2.NOXC is a dangerous Trojan infection, which uses a Windows flaw that allows for components to load external libraries in a certain way. W32/Trojan2.NOXC adds a malicious DLL file named "deskpan.dll" in a folder together with a document. W32/Trojan2.NOXC uses the legitimate .rtf and .txt files to initiate the attack. Once the .txt or .rtf file was executed, the malicious library occurred. In order to run the infected "deskpan.dll" file, it has to be located inside the directory's folder named "[any characters]. {42071714-76D4-11D1-8B24-00A0C9068FF3}". Remove W32/Trojan2.NOXC immediately after detection.
Table of Contents
SpyHunter Detects & Remove W32/Trojan2.NOXC
File System Details
W32/Trojan2.NOXC may create the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | deskpan.dll | ||
| 2. | %UserProfile%\LocalSettings\cisvc.exe | ||
| 3. | %UserProfile%\Local Settings\UPS.exe | ||
| 4. | file.dll | 183230563ca44a5e26cd9d319915f856 | 0 |
Registry Details
W32/Trojan2.NOXC may create the following registry entry or registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run UPS = "%UserProfile%\Local Settings\UPS.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cisvc = "%UserProfile%\Local Settings\cisvc.exe"
