Win32/Nuquel.E
Win32/Nuquel.E is a trojan involved in the promotion of the rogue anti-spyware application Spyware Protect 2009. Win32/Nuquel.E is often mentioned in fabricated pop-up warnings displayed by Spyware Protect 2009 scareware in order to make people believe they are being attacked from the outside. It’s worth mentioning that, along with Win32/Nuquel.E trojan, Spyware Protect 2009 often issues bogus security alerts stating you have the parasite called BankerFox.A which is stated to be inside your system to compromise your privacy as well. You need to remember that receiving pop-up messages about Win32/Nuquel.E and BankerFox.A trojans should be a direct excuse for you to check your computer for infections using a trusted remover. The most likely malware you will detect is Spyware Protect 2009, which is probably hiding in the background.
File System Modifications
- The following files were created in the system:
# File Name 1 %WINDOWS%\aazalirt.exe 2 %WINDOWS%\dkekkrkska.exe 3 %WINDOWS%\dkewiizkjdks.exe 4 %WINDOWS%\iddqdops.exe 5 %WINDOWS%\ienotas.exe 6 %WINDOWS%\iqmcnoeqz.exe 7 %WINDOWS%\irprokwks.exe 8 %WINDOWS%\jikglond.exe 9 %WINDOWS%\jiklagka.exe 10 %WINDOWS%\jrjakdsd.exe 11 %WINDOWS%\jungertab.exe 12 %WINDOWS%\kitiiwhaas.exe 13 %WINDOWS%\kkwknrbsggeg.exe 14 %WINDOWS%\klopnidret.exe 15 %WINDOWS%\krkdkdkee.exe 16 %WINDOWS%\krkmahejdk.exe 17 %WINDOWS%\krtawefg.exe 18 %WINDOWS%\krujmmwlrra.exe 19 %WINDOWS%\ktknamwerr.exe 20 %WINDOWS%\kuruhccdsdd.exe 21 %WINDOWS%\ooorjaas.exe 22 %WINDOWS%\oranerkka.exe 23 %WINDOWS%\oropbbsee.exe 24 %WINDOWS%\otnnbektre.exe 25 %WINDOWS%\otowjdseww.exe 26 %WINDOWS%\otpeppggq.exe 27 %WINDOWS%\rkaskssd.exe 28 %WINDOWS%\ronitfst.exe 29 %WINDOWS%\seeukluba.exe 30 %WINDOWS%\skaaanret.exe 31 %WINDOWS%\sysguardn.exe 32 %WINDOWS%\tobmygers.exe 33 %WINDOWS%\tobykke.exe 34 %WINDOWS%\zibaglertz.exe 35 Spyware Protect 2009.lnk 36 Uninstall Spyware Protect 2009.lnk
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysguardn"
Prior history: While on a Time Warner / Roadrunner ISP LAN connection at home, I downloaded the Google Earth tool. A popup indicated I needed to open a port to use Google Earth. I did so despite a Microsoft Vista O.S.warning of the risks in doing so. The laptop worked fine all day while using Verizon Wireless WWAN connection for email and news when at work. As soon as I restarted at home I got security alerts promoting Antivir System Pro.
This variant defends itself against closure via Vista's Task Manager by closing down the Task Manger program quicker than you can click on it to end the malware's functions. I shut down the wireless transmitter to prevent access to the attacker's website, but the malware prevents shutting down the several Internet Explorer windows that were created in my attempts to disable it. My previously reliable avast antivirus software cannot detect this malware. Anyone else fighting this variant?
I found this forum/site online (duhh ofcourse) I am going to try to rid the issue when I get home if it works Ill be calling the number to contact this site/forum and tell them how apprecitating this is... Its not many places today that someon e willl go into detail on how to remove them Step by Step MOst of us to even say that we are intermediate computer usurs is to generous. So thanks again. lets see if it works L8tr