Win32/Nuqel.E

Posted: June 8, 2009

The Win32/Nuqel.E infection is a worm known to target Windows systems from 2K on up, and may disable important utility programs like the Control Panel. On the other hand, Win32/Nuqel.E is also used as a fake alert by known rogue anti-spyware products, so don't jump to conclusions the instant you see Win32/Nuqel.E detected on your system! Ultimately, either result does mean that your computer is infected, albeit not necessarily by Win32/Nuqel.E. Not deleting Win32/Nuqel.E or the rogue anti-virus program that caused the Win32/Nuqel.E alert will result in a computer that could be called severely dysfunctional at best, so don't hold back on removing that malware.

Win32/Nuqel.E is a Message-Friendly Danger

As a worm, Win32/Nuqel.E may be capable of distributing itself through Autorun exploits involving network-shared folders and removable hard drive devices. What's confirmed is that Win32/Nuqel.E can gather your contacts from Yahoo Instant Messenger and then spam those contacts with messages containing copies of itself. Keeping your Yahoo-based contacts aware of any potential infection is the first thing you should do to keep Win32/Nuqel.E from spreading to other systems.

Win32/Nuqel.E can sneak onto Windows 9X, 2K, XP, Vista and even the newer Windows 7 operating system. Win32/Nuqel.E is also detected by the names of W32/YahLover.worm, Worm:Win32/Sohanad.F, WORM_IMAUT.E, W32.Imaut.N and Troj/Tiotua-D.

The foremost threat from a genuine Win32/Nuqel.E infection is without a doubt its program-interrupting functions. Win32/Nuqel.E has been caught shutting down everything from Control Panel and Task Manager to Folder Options and the Registry Editor. All of these are necessary to maintain your computer in a healthy state, which turns Win32/Nuqel.E into a non-negligible threat.

Win32/Nuqel.E's Favorite Scapegoat

There's another side to Win32/Nuqel.E, though, and that's its life as a false positive detection. Known rogue anti-virus products like Spyware Protect 2009 and Antivirus System PRO will use false Win32/Nuqel.E detections to encourage the user into performing self-destructive acts. Some common text used in these alerts is as follows:

“Spyware Protect 2009 alert. INFILTRATION ALERT. Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. DETAILS. Attack from: 84.154.14.114, port 34940. Attacked port: 50507. Threat: Win32/Nuqel.E. Do you want to block this attack?”

Rogue products that falsely detect Win32/Nuqel.E and other nonexistent infection incidents are responsible for a variety of system attacks. Primary attack methods tend to consist of more false alerts, misleading scanning results, browser hijacks and disabled security programs.

Regardless of which problem you're dealing with, the real Win32/Nuqel.E or an imposter, a Win32/Nuqel.E detection is always trouble. You should respond in the same way in either case, with a swift Safe Mode reboot and appropriate use of real anti-malware programs.

Aliases

Win32 Nuqel.e

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %WINDOWS%\sysguard.exe
    2 %WINDOWS%\system32\iehelper.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\AvScan
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
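
A read-only check for the file and registry artifacts listed above, as an added example that is not part of the original page. The variable and function names are this example's own, and the InprocServer32 lookup is the standard place a COM class records its DLL, not an entry the page lists.

```powershell
# Added example: read-only check for the artifacts listed on this page.
# Caveat: on 64-bit Windows a 32-bit component may register under WOW6432Node;
# only the paths exactly as listed are checked here.
$clsid = '{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}'
$bho   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$found = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Indicator, [string]$Detail) {
    $found.Add([pscustomobject]@{ Type = $Type; Indicator = $Indicator; Detail = $Detail })
}

# Files the page lists as created in the Windows directory.
foreach ($rel in 'sysguard.exe', 'system32\iehelper.dll') {
    $path = Join-Path $env:windir $rel
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $f = Get-Item -LiteralPath $path -Force
        Add-Finding 'File' $path "$($f.Length) bytes, last written $($f.LastWriteTime)"
    }
}

# Registry keys the page lists.
$keys = 'HKCU:\Software\AvScan',
        "HKLM:\$bho\$clsid",
        "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { Add-Finding 'RegistryKey' $key 'key exists' }
}

# The "system tool" autostart value under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['system tool']) {
    Add-Finding 'RunValue' "$runKey\system tool" ([string]$run.'system tool')
}

# If the CLSID is registered, report which DLL it would load.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
    Add-Finding 'BhoModule' $inproc ([string]$dll)
}

if ($found.Count -eq 0) {
    'None of the listed artifacts were found.'
} else {
    $found | Format-List
}
```

The script changes nothing on the system; a clean result only means these specific paths are absent, not that the machine is uninfected.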

6 Comments

  • andrew says:

    all of these "solutions" i find online instruct you to use the task manager etc. am i the only one that can't use the task manager or anything else because of this virus?

  • leroy says:

    GUYS. TAKE IT FROM ME. I REMOVED THIS SOFTWARE IN 2 MINUTES. WELL AT LEAST I BOUGHT MYSELF TIME TO RECOVER THE FILES AS IT WOULD NOT ALLOW AN EXTERNAL SOURCE TO BE DETECTED. SO WHAT I DID IS I JUST RESTARTED IN SAFE MODE AND RESTORED THE CHECKPOINT TO AN EARLIER DATE. BUT I WILL SURELY FORMAT MY PC AFTER I COPY MY FILES.

  • john says:

    i am a computer novice so forgive me if this is drawn out, i got rid of win32/nuqel.e by starting computer with f8 key pressed which put me in safe mode, i then selected 'safe mode with networking' after windows started i chose 'restore' then 'restore settings', i highlighted a drive and switched off restore, ignored all warnings and restored to an earlier date, my computer then ran OK, I then went to 'restore settings' and removed tick then RESTORED TO TODAY'S DATE. regards john

  • lemon says:

    This rogue antivirus program will cut any attempt at opening task manager short. Here is a good fix that proved to work. As soon as your computer starts, you have about ten seconds before AV Security Suite loads up. You can use this time split in the following way: quickly go to ‘Start’, choose ‘Run’ and type in ‘msconfig’. After this, you should see a new window pop up. It’s the system configuration GUI; you must hit ‘Startup’ tab there and untick the process ending in ‘tssd’ in there. Then, you should quickly save all the changes you have made and restart your computer. Now, AV Security Suite executable should not get triggered upon startup but the rogue program is still there.

    If ‘tssd’ is not in the list, untick anything that is unknown or has a suspicious name. When you restart, AV Security Suite will not open. From there you need to remove all files, registry keys, etc. related to AV Security Suite.

  • Terry Rodgers says:

    None of these solutions worked. Or better yet I have all the symptoms, but none of the suggestions existed. The virus only existed on my profile so I logged in as local administrator and deleted my profile. All fixed.

  • Clayton Tacata says:

    THANK YOU SO MUCH IT ACTUALLY WORKS!
