PTCH_NOPLE.SM
March 09, 2016
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: File infector
Destructiveness: No
Encrypted: No
In the wild: Yes
TECHNICAL DETAILS
File Size:
Varies
Memory Resident:
No
NOTES:
This malware overwrites the file %System%\dnsapi.dll:
Instead of accessing the legitimate HOSTS file, which is usually in %System%\drivers\etc, it redirects to the dropped file of TROJ_NOPLE.A %System%\{random}\{random}\{random}.dat. This dropped file contains redirections when legitimate sites are accessed
SOLUTION
Minimum Scan Engine:
9.800
FIRST VSAPI PATTERN FILE:
12.114.02
FIRST VSAPI PATTERN DATE:
27 Oct 2015
VSAPI OPR PATTERN File:
12.115.00
VSAPI OPR PATTERN Date:
27 Oct 2015
Scan your computer with your Trend Micro product to delete files detected as PTCH_NOPLE.SM. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.