Remove W32.Noobert
Posted on: January 4th, 2010
| Discovered: | December 23, 2009 |
| Updated: | December 23, 2009 1:03:39 PM |
| Type: | Worm |
| Systems Affected: | Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000 |
| Recommended Action: | |
 In order to Remove W32.Noobert you need to Download the ‘No Adware’ remover software. Based on our testing this was the best peforming remover of W32.Noobert. Read our full No Adware Review |
|
| Technical Details: |
| When the worm executes, it decrypts the host file, saves it to the following location, and executes it:
%Temp%\NOO[RANDOM CHARACTERS] Next, it copies %System%\ctfmon.exe to the following location: %System%\ctfmon.dll The worm then infects all .scr and .exe files on the compromised computer. It also randomly deletes files with the extensions, depending on how long the computer has been turned on:
The worm modifies the following files in order to disable Windows File Protection:
It also disables Windows File Protection by modifying the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”SFCDisable” = “1″ The worm spreads through the eMule file-sharing network. |
| Action Steps: |
| FREE SCAN: NoAdware can remove W32.Noobert. Click the link below for your free download & scan your PC now.
Please click here for manual removal instructions. |
