ALIASES:

Worm:Win32/Mytob.RR (Microsoft); W32/Mydoom.gen@MM (McAfee); W32.Mytob@mm (Symantec); P2P-Worm.Win32.Agent.ez (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Win32.Worm.Mytob.DBF (FSecure)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Worm

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size: 99,328 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 09 Jul 2012

Arrival Details

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This worm drops the following copies of itself into the affected system:

  • %System%\nwbkgw.exe
  • %System Root%\program files\kazaa\my shared folder\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\kazaa\my shared folder\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\kazaa\my shared folder\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\kazaa\my shared folder\Password Cracker.exe
  • %System Root%\program files\kazaa\my shared folder\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\kazaa\my shared folder\VmWare keygen.exe
  • %System Root%\program files\kazaa\my shared folder\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\kazaa\my shared folder\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\kazaa\my shared folder\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\kazaa\my shared folder\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\kazaa\my shared folder\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\kazaa\my shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\kazaa\my shared folder\Error Doctor 2008.exe
  • %System Root%\program files\kazaa\my shared folder\Acker DVD Ripper 2008.exe
  • %System Root%\program files\kazaa\my shared folder\Mirc Keygen.exe
  • %System Root%\program files\kazaa\my shared folder\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\kazaa\my shared folder\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\kazaa\my shared folder\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\kazaa\my shared folder\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\kazaa\my shared folder\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\kazaa\my shared folder\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\kazaa\my shared folder\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\kazaa\my shared folder\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\kazaa\my shared folder\Absolute Video Converter 3.07.exe
  • %System Root%\program files\kazaa\my shared folder\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\kazaa\my shared folder\Download Boost 2.0.exe
  • %System Root%\program files\kazaa\my shared folder\AOL Password Cracker.exe
  • %System Root%\program files\kazaa\my shared folder\Adobe Soundbooth CS3.exe
  • %System Root%\program files\kazaa\my shared folder\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\kazaa\my shared folder\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\kazaa\my shared folder\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\kazaa\my shared folder\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\kazaa\my shared folder\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\kazaa\my shared folder\Email Spider.exe
  • %System Root%\program files\kazaa\my shared folder\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\kazaa\my shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\kazaa\my shared folder\Sophos antivirus updater bypass.exe
  • %System Root%\program files\kazaa\my shared folder\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\kazaa\my shared folder\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\kazaa\my shared folder\Hotmail spammer bot.exe
  • %System Root%\program files\kazaa\my shared folder\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\kazaa\my shared folder\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\kazaa lite\my shared folder\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\kazaa lite\my shared folder\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\kazaa lite\my shared folder\Password Cracker.exe
  • %System Root%\program files\kazaa lite\my shared folder\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\VmWare keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\kazaa lite\my shared folder\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\kazaa lite\my shared folder\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\kazaa lite\my shared folder\Error Doctor 2008.exe
  • %System Root%\program files\kazaa lite\my shared folder\Acker DVD Ripper 2008.exe
  • %System%\taskmon.exe
  • %System Root%\program files\kazaa lite\my shared folder\Mirc Keygen.exe
  • %System Root%\program files\kazaa lite\my shared folder\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\kazaa lite\my shared folder\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\kazaa lite\my shared folder\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\kazaa lite\my shared folder\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\kazaa lite\my shared folder\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\kazaa lite\my shared folder\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Absolute Video Converter 3.07.exe
  • %System Root%\program files\kazaa lite\my shared folder\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\kazaa lite\my shared folder\Download Boost 2.0.exe
  • %System Root%\program files\kazaa lite\my shared folder\AOL Password Cracker.exe
  • %System Root%\program files\kazaa lite\my shared folder\Adobe Soundbooth CS3.exe
  • %System Root%\program files\kazaa lite\my shared folder\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\kazaa lite\my shared folder\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\kazaa lite\my shared folder\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\kazaa lite\my shared folder\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\kazaa lite\my shared folder\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\kazaa lite\my shared folder\Email Spider.exe
  • %System Root%\program files\kazaa lite\my shared folder\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\kazaa lite\my shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\kazaa lite\my shared folder\Sophos antivirus updater bypass.exe
  • %System Root%\program files\kazaa lite\my shared folder\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\kazaa lite\my shared folder\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\kazaa lite\my shared folder\Hotmail spammer bot.exe
  • %System Root%\program files\kazaa lite\my shared folder\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\kazaa lite\my shared folder\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Password Cracker.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\VmWare keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Error Doctor 2008.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Acker DVD Ripper 2008.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Mirc Keygen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Absolute Video Converter 3.07.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Download Boost 2.0.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\AOL Password Cracker.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Adobe Soundbooth CS3.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Email Spider.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Sophos antivirus updater bypass.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Hotmail spammer bot.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\kazaa lite k++\my shared folder\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\icq\shared folder\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\icq\shared folder\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\icq\shared folder\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\icq\shared folder\Password Cracker.exe
  • %System Root%\program files\icq\shared folder\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\icq\shared folder\VmWare keygen.exe
  • %System Root%\program files\icq\shared folder\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\icq\shared folder\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\icq\shared folder\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\icq\shared folder\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\icq\shared folder\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\icq\shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\icq\shared folder\Error Doctor 2008.exe
  • %System Root%\program files\icq\shared folder\Acker DVD Ripper 2008.exe
  • %System Root%\program files\icq\shared folder\Mirc Keygen.exe
  • %System Root%\program files\icq\shared folder\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\icq\shared folder\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\icq\shared folder\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\icq\shared folder\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\icq\shared folder\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\icq\shared folder\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\icq\shared folder\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\icq\shared folder\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\icq\shared folder\Absolute Video Converter 3.07.exe
  • %System Root%\program files\icq\shared folder\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\icq\shared folder\Download Boost 2.0.exe
  • %System Root%\program files\icq\shared folder\AOL Password Cracker.exe
  • %System Root%\program files\icq\shared folder\Adobe Soundbooth CS3.exe
  • %System Root%\program files\icq\shared folder\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\icq\shared folder\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\icq\shared folder\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\icq\shared folder\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\icq\shared folder\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\icq\shared folder\Email Spider.exe
  • %System Root%\program files\icq\shared folder\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\icq\shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\icq\shared folder\Sophos antivirus updater bypass.exe
  • %System Root%\program files\icq\shared folder\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\icq\shared folder\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\icq\shared folder\Hotmail spammer bot.exe
  • %System Root%\program files\icq\shared folder\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\icq\shared folder\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\grokster\my grokster\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\grokster\my grokster\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\grokster\my grokster\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\grokster\my grokster\Password Cracker.exe
  • %System Root%\program files\grokster\my grokster\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\grokster\my grokster\VmWare keygen.exe
  • %System Root%\program files\grokster\my grokster\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\grokster\my grokster\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\grokster\my grokster\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\grokster\my grokster\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\grokster\my grokster\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\grokster\my grokster\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\grokster\my grokster\Error Doctor 2008.exe
  • %System Root%\program files\grokster\my grokster\Acker DVD Ripper 2008.exe
  • %System Root%\program files\grokster\my grokster\Mirc Keygen.exe
  • %System Root%\program files\grokster\my grokster\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\grokster\my grokster\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\grokster\my grokster\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\grokster\my grokster\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\grokster\my grokster\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\grokster\my grokster\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\grokster\my grokster\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\grokster\my grokster\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\grokster\my grokster\Absolute Video Converter 3.07.exe
  • %System Root%\program files\grokster\my grokster\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\grokster\my grokster\Download Boost 2.0.exe
  • %System Root%\program files\grokster\my grokster\AOL Password Cracker.exe
  • %System Root%\program files\grokster\my grokster\Adobe Soundbooth CS3.exe
  • %System Root%\program files\grokster\my grokster\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\grokster\my grokster\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\grokster\my grokster\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\grokster\my grokster\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\grokster\my grokster\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\grokster\my grokster\Email Spider.exe
  • %System Root%\program files\grokster\my grokster\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\grokster\my grokster\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\grokster\my grokster\Sophos antivirus updater bypass.exe
  • %System Root%\program files\grokster\my grokster\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\grokster\my grokster\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\grokster\my grokster\Hotmail spammer bot.exe
  • %System Root%\program files\grokster\my grokster\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\grokster\my grokster\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\emule\incoming\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\emule\incoming\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\emule\incoming\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\emule\incoming\Password Cracker.exe
  • %System Root%\program files\emule\incoming\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\emule\incoming\VmWare keygen.exe
  • %System Root%\program files\emule\incoming\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\emule\incoming\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\emule\incoming\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\emule\incoming\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\emule\incoming\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\emule\incoming\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\emule\incoming\Error Doctor 2008.exe
  • %System Root%\program files\emule\incoming\Acker DVD Ripper 2008.exe
  • %System Root%\program files\emule\incoming\Mirc Keygen.exe
  • %System Root%\program files\emule\incoming\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\emule\incoming\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\emule\incoming\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\emule\incoming\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\emule\incoming\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\emule\incoming\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\emule\incoming\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\emule\incoming\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\emule\incoming\Absolute Video Converter 3.07.exe
  • %System Root%\program files\emule\incoming\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\emule\incoming\Download Boost 2.0.exe
  • %System Root%\program files\emule\incoming\AOL Password Cracker.exe
  • %System Root%\program files\emule\incoming\Adobe Soundbooth CS3.exe
  • %System Root%\program files\emule\incoming\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\emule\incoming\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\emule\incoming\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\emule\incoming\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\emule\incoming\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\emule\incoming\Email Spider.exe
  • %System Root%\program files\emule\incoming\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\emule\incoming\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\emule\incoming\Sophos antivirus updater bypass.exe
  • %System Root%\program files\emule\incoming\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\emule\incoming\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\emule\incoming\Hotmail spammer bot.exe
  • %System Root%\program files\emule\incoming\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\emule\incoming\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\morpheus\my shared folder\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\morpheus\my shared folder\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\morpheus\my shared folder\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\morpheus\my shared folder\Password Cracker.exe
  • %System Root%\program files\morpheus\my shared folder\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\morpheus\my shared folder\VmWare keygen.exe
  • %System Root%\program files\morpheus\my shared folder\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\morpheus\my shared folder\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\morpheus\my shared folder\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\morpheus\my shared folder\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\morpheus\my shared folder\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\morpheus\my shared folder\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\morpheus\my shared folder\Error Doctor 2008.exe
  • %System Root%\program files\morpheus\my shared folder\Acker DVD Ripper 2008.exe
  • %System Root%\program files\morpheus\my shared folder\Mirc Keygen.exe
  • %System Root%\program files\morpheus\my shared folder\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\morpheus\my shared folder\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\morpheus\my shared folder\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\morpheus\my shared folder\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\morpheus\my shared folder\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\morpheus\my shared folder\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\morpheus\my shared folder\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\morpheus\my shared folder\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\morpheus\my shared folder\Absolute Video Converter 3.07.exe
  • %System Root%\program files\morpheus\my shared folder\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\morpheus\my shared folder\Download Boost 2.0.exe
  • %System Root%\program files\morpheus\my shared folder\AOL Password Cracker.exe
  • %System Root%\program files\morpheus\my shared folder\Adobe Soundbooth CS3.exe
  • %System Root%\program files\morpheus\my shared folder\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\morpheus\my shared folder\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\morpheus\my shared folder\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\morpheus\my shared folder\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\morpheus\my shared folder\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\morpheus\my shared folder\Email Spider.exe
  • %System Root%\program files\morpheus\my shared folder\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\morpheus\my shared folder\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\morpheus\my shared folder\Sophos antivirus updater bypass.exe
  • %System Root%\program files\morpheus\my shared folder\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\morpheus\my shared folder\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\morpheus\my shared folder\Hotmail spammer bot.exe
  • %System Root%\program files\morpheus\my shared folder\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\morpheus\my shared folder\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\limewire\shared\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\limewire\shared\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\limewire\shared\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\limewire\shared\Password Cracker.exe
  • %System Root%\program files\limewire\shared\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\limewire\shared\VmWare keygen.exe
  • %System Root%\program files\limewire\shared\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\limewire\shared\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\limewire\shared\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\limewire\shared\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\limewire\shared\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\limewire\shared\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\limewire\shared\Error Doctor 2008.exe
  • %System Root%\program files\limewire\shared\Acker DVD Ripper 2008.exe
  • %System Root%\program files\limewire\shared\Mirc Keygen.exe
  • %System Root%\program files\limewire\shared\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\limewire\shared\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\limewire\shared\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\limewire\shared\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\limewire\shared\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\limewire\shared\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\limewire\shared\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\limewire\shared\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\limewire\shared\Absolute Video Converter 3.07.exe
  • %System Root%\program files\limewire\shared\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\limewire\shared\Download Boost 2.0.exe
  • %System Root%\program files\limewire\shared\AOL Password Cracker.exe
  • %System Root%\program files\limewire\shared\Adobe Soundbooth CS3.exe
  • %System Root%\program files\limewire\shared\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\limewire\shared\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\limewire\shared\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\limewire\shared\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\limewire\shared\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\limewire\shared\Email Spider.exe
  • %System Root%\program files\limewire\shared\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\limewire\shared\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\limewire\shared\Sophos antivirus updater bypass.exe
  • %System Root%\program files\limewire\shared\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\limewire\shared\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\limewire\shared\Hotmail spammer bot.exe
  • %System Root%\program files\limewire\shared\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\limewire\shared\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\tesla\files\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\tesla\files\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\tesla\files\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\tesla\files\Password Cracker.exe
  • %System Root%\program files\tesla\files\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\tesla\files\VmWare keygen.exe
  • %System Root%\program files\tesla\files\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\tesla\files\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\tesla\files\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\tesla\files\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\tesla\files\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\tesla\files\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\tesla\files\Error Doctor 2008.exe
  • %System Root%\program files\tesla\files\Acker DVD Ripper 2008.exe
  • %System Root%\program files\tesla\files\Mirc Keygen.exe
  • %System Root%\program files\tesla\files\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\tesla\files\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\tesla\files\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\tesla\files\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\tesla\files\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\tesla\files\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\tesla\files\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\tesla\files\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\tesla\files\Absolute Video Converter 3.07.exe
  • %System Root%\program files\tesla\files\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\tesla\files\Download Boost 2.0.exe
  • %System Root%\program files\tesla\files\AOL Password Cracker.exe
  • %System Root%\program files\tesla\files\Adobe Soundbooth CS3.exe
  • %System Root%\program files\tesla\files\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\tesla\files\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\tesla\files\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\tesla\files\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\tesla\files\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\tesla\files\Email Spider.exe
  • %System Root%\program files\tesla\files\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\tesla\files\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\tesla\files\Sophos antivirus updater bypass.exe
  • %System Root%\program files\tesla\files\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\tesla\files\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\tesla\files\Hotmail spammer bot.exe
  • %System Root%\program files\tesla\files\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\tesla\files\Google ADsense clicking bot.SFX.exe
  • %System Root%\program files\winmx\shared\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\program files\winmx\shared\Youtube Music Downloader 1.0.exe
  • %System Root%\program files\winmx\shared\ProRat 2.0 Special Edition.exe
  • %System Root%\program files\winmx\shared\Password Cracker.exe
  • %System Root%\program files\winmx\shared\Adobe Acrobat Reader keygen.exe
  • %System Root%\program files\winmx\shared\VmWare keygen.exe
  • %System Root%\program files\winmx\shared\VmWare ESX GSX server keygen.exe
  • %System Root%\program files\winmx\shared\TCN ISO cable modem hacking tools.exe
  • %System Root%\program files\winmx\shared\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\program files\winmx\shared\VMware Workstation 6 Windows keygen.exe
  • %System Root%\program files\winmx\shared\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\program files\winmx\shared\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\program files\winmx\shared\Error Doctor 2008.exe
  • %System Root%\program files\winmx\shared\Acker DVD Ripper 2008.exe
  • %System Root%\program files\winmx\shared\Mirc Keygen.exe
  • %System Root%\program files\winmx\shared\PC Secuity Tweaker 7.6.exe
  • %System Root%\program files\winmx\shared\Ashampoo PowerUp v3.10.exe
  • %System Root%\program files\winmx\shared\SuperRam 5.1.28.2008.exe
  • %System Root%\program files\winmx\shared\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\program files\winmx\shared\Anti-Trojan Elite v4.01.exe
  • %System Root%\program files\winmx\shared\Microsoft Visual C++ KeyGen.exe
  • %System Root%\program files\winmx\shared\Microsoft Visual Basic KeyGen.exe
  • %System Root%\program files\winmx\shared\Microsoft Visual Studio KeyGen.exe
  • %System Root%\program files\winmx\shared\Absolute Video Converter 3.07.exe
  • %System Root%\program files\winmx\shared\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\program files\winmx\shared\Download Boost 2.0.exe
  • %System Root%\program files\winmx\shared\AOL Password Cracker.exe
  • %System Root%\program files\winmx\shared\Adobe Soundbooth CS3.exe
  • %System Root%\program files\winmx\shared\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\program files\winmx\shared\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\program files\winmx\shared\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\program files\winmx\shared\DivX 5.0 Pro KeyGen.exe
  • %System Root%\program files\winmx\shared\Shadow Security Scanner 10 Gold.exe
  • %System Root%\program files\winmx\shared\Email Spider.exe
  • %System Root%\program files\winmx\shared\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\program files\winmx\shared\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\program files\winmx\shared\Sophos antivirus updater bypass.exe
  • %System Root%\program files\winmx\shared\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\program files\winmx\shared\Hotmail account bruteforcer bot.exe
  • %System Root%\program files\winmx\shared\Hotmail spammer bot.exe
  • %System Root%\program files\winmx\shared\Wow Glider incl serial.SFX.exe
  • %System Root%\program files\winmx\shared\Google ADsense clicking bot.SFX.exe
  • %System Root%\Downloads\Windows 2003 Advanced Server KeyGen.exe
  • %System Root%\Downloads\Youtube Music Downloader 1.0.exe
  • %System Root%\Downloads\ProRat 2.0 Special Edition.exe
  • %System Root%\Downloads\Password Cracker.exe
  • %System Root%\Downloads\Adobe Acrobat Reader keygen.exe
  • %System Root%\Downloads\VmWare keygen.exe
  • %System Root%\Downloads\VmWare ESX GSX server keygen.exe
  • %System Root%\Downloads\TCN ISO cable modem hacking tools.exe
  • %System Root%\Downloads\TCN ISO SigmaX2 firmware.bin.exe
  • %System Root%\Downloads\VMware Workstation 6 Windows keygen.exe
  • %System Root%\Downloads\BitDefender AntiVirus 2008 Keygen.exe
  • %System Root%\Downloads\Norton Anti-Virus 2008 Enterprise Crack.exe
  • %System Root%\Downloads\Error Doctor 2008.exe
  • %System Root%\Downloads\Acker DVD Ripper 2008.exe
  • %System Root%\Downloads\Mirc Keygen.exe
  • %System Root%\Downloads\PC Secuity Tweaker 7.6.exe
  • %System Root%\Downloads\Ashampoo PowerUp v3.10.exe
  • %System Root%\Downloads\SuperRam 5.1.28.2008.exe
  • %System Root%\Downloads\YZdock Machintos osX like toolbar for windows.exe
  • %System Root%\Downloads\Anti-Trojan Elite v4.01.exe
  • %System Root%\Downloads\Microsoft Visual C++ KeyGen.exe
  • %System Root%\Downloads\Microsoft Visual Basic KeyGen.exe
  • %System Root%\Downloads\Microsoft Visual Studio KeyGen.exe
  • %System Root%\Downloads\Absolute Video Converter 3.07.exe
  • %System Root%\Downloads\Daemon Tools Pro 4.10.218.0.exe
  • %System Root%\Downloads\Download Boost 2.0.exe
  • %System Root%\Downloads\AOL Password Cracker.exe
  • %System Root%\Downloads\Adobe Soundbooth CS3.exe
  • %System Root%\Downloads\CleanMyPC Registry Cleaner v4.02.exe
  • %System Root%\Downloads\Super Utilities Pro 2008 8.0.1980.exe
  • %System Root%\Downloads\Boilsoft DVD Ripper 2.82.exe
  • %System Root%\Downloads\DivX 5.0 Pro KeyGen.exe
  • %System Root%\Downloads\Shadow Security Scanner 10 Gold.exe
  • %System Root%\Downloads\Email Spider.exe
  • %System Root%\Downloads\Tarantula Full version CRACKED by RaZoR.exe
  • %System Root%\Downloads\Canvas Security Framework 2008 LiMiTeD with 50 0day.exe
  • %System Root%\Downloads\Sophos antivirus updater bypass.exe
  • %System Root%\Downloads\Icepack IDT Gold edition 2008 LEAKED.exe
  • %System Root%\Downloads\Hotmail account bruteforcer bot.exe
  • %System Root%\Downloads\Hotmail spammer bot.exe
  • %System Root%\Downloads\Wow Glider incl serial.SFX.exe
  • %System Root%\Downloads\Google ADsense clicking bot.SFX.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.. %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

Autostart Technique

This worm adds the following registry entries to enable its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
TaskMon = "%System%\taskmon.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\RunServices
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\RunServices
F-Secure Gatekeeper = "nwbkgw.exe"

Other System Modifications

This worm adds the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Explorer\
ComDlg32\Version

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
ComDlg32\Version

HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\
OLE

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\
Control\Lsa

It adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Ole
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\Lsa
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_CURRENT_USER\Software\Microsoft\
OLE
F-Secure Gatekeeper = "nwbkgw.exe"

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\
Control\Lsa
F-Secure Gatekeeper = "nwbkgw.exe"

Dropping Routine

This worm drops the following files:

  • %System%\taskmon.exe
  • %User Temp%\Message

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine: 9.200

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Restart in Safe Mode

[ Learn More ]

Step 3

Delete this registry key

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
    • Version
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
    • Version
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
    • RunServices
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    • RunServices
  • In HKEY_CURRENT_USER\Software\Microsoft
    • OLE
  • In HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control
    • Lsa

Step 4

Delete this registry value

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • TaskMon = "%System%\taskmon.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\OLE
    • F-Secure Gatekeeper = "nwbkgw.exe"
  • In HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
    • F-Secure Gatekeeper = "nwbkgw.exe"

Step 5

Search and delete these files

[ Learn More ]
There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %System%\taskmon.exe
  • %User Temp%\Message

Step 6

Restart in normal mode and scan your computer with your Trend Micro product for files detected as WORM_NUWAR.AXQ. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.