W32/Nopir-B

Category:	Viruses and Spyware
Type:	Win32 worm
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Nopir-B is a worm for the Windows platform.

W32/Nopir-B will display an anti-piracy image on the screen when run. The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.

W32/Nopir-B copies itself to <Program Files>\Projects Visual Studio.NET\Nctrup.exe, <Program Files>\Restore\<random name>.exe, <Program Files>\eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe. W32/Nopir-B is a worm for the Windows platform.

W32/Nopir-B will display an anti-piracy image on the screen when run, as seen here:

The image displayed by the Nopir-B worm.

The worm will then delete all COM and MP3 files from the computer. The worm will also disable taskmanager, registry tools, and access to the control panel. W32/Nopir-B will also check for debuggers and may attempt to disable any such software that it finds.

W32/Nopir-B copies itself to <Program Files>\Projects Visual Studio.NET\Nctrup.exe, <Program Files>\Restore\<random name>.exe, <Program Files>\eMule\Incoming\AnyDVD 5.1.0.1 Crack+Keygen By Razor.exe.

W32/Nopir-B will create the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Verif
<Program Files>\Restore\<random name>.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
securw
<Program Files>\Projects Visual Studio.NET\Nctrup.exe

HKCR\exefile\Shell\open\command