Troj/Nebuler-Q

Category:	Viruses and Spyware
Type:	Trojan
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Nebuler-Q is a Trojan for the Windows platform.

When Troj/Nebuler-Q is installed the following files are created:

<User>\Application Data\Microsoft\Crypto\rsa\S-1-5-21-842925246-562591055-725345543-1003\16f3371a170fa393a3bcbaa3c10a147b_b51db6e2-3a90-48f4-b2a9-edf389bedc4b
<User>\Application Data\Microsoft\Protect\S-1-5-21-842925246-562591055-725345543-1003\31d6e411-8efc-410c-b086-36e56005786c
<User>\Application Data\Microsoft\Protect\S-1-5-21-842925246-562591055-725345543-1003\Preferred
<User>\Application Data\Microsoft\Protect\credhist
<Temp>\gos1.bat
<System>\wingsc32.dll

The files wingsc32.dll and gos1.tmp are detected as Troj/Nebule-Gen.

The following registry entries are created to run code exported by wingsc32.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsc32
DllName
wingsc32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsc32
Impersonate
0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsc32
Startup
EvtStartup

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\MSSMGR

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Nebuler-Q

Free Mac Anti-Virus

Popular topics