What is Win 32 NBP VIRUS
--------------------Short description------------------
Win32/Virut.NBP is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.
Executable file infection
The virus searches for executables with one of the following extensions:
.exe
.scr
Executables are infected by appending the code of the virus to the last section.
The host file is modified in a way that causes the virus to be executed prior to running the original code. The size of the inserted code is 19 KB .
It avoids those with any of the following strings in their names:
WINC
WCUN
WC32
OTSP
It infects the following files:
.htm
.php
.asp
.EXE
.SCR
----------------Win32/Virut.NBP-----------------
Aliases: Virus.Win32.Virut.ce (Kaspersky), W32/Virut.n.gen (McAfee), W32.Virut.CF (Symantec)
Type of infiltration: Virus
Size: Approximately 19 KB
Affected platforms: Microsoft Windows
Signature database version: 4032 (20090424)
+++++++++++Other information++++++++++++++
The virus is sent data and commands from a remote computer or the Internet.
It communicates with the following servers using IRC protocol:
irc.zief.pl
proxim.ircgalaxy.pl
It can execute the following operations:
download files from a remote computer and/or Internet
run executable files
The following file is modified:
%system%\drivers\etc\hosts
The virus writes the following entries to the file:
127.0.0.1 jL.chura.pl
The virus creates and runs a new thread with its own program code in all running processes.
The virus may set the following Registry entries:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List]
"%filepath%" = "%filepath%:*:enabled:@shell32.dll,-1"
The performed data entry creates an exception in the Windows Firewall program.
+++++++++ STARTUP PROCESSES+++++++++
1.Win32/VIRUS.NBP will create "qtfycpp.exe" entry in startup folder,and in taskmanager.
2.It will create "ups.exe" file in start up.
3.it will create start.exe in startup.
++++++++++ Damages caused by WIN32/NBP.VIRUS++++++++++
1.It will slow down your window.
2.It will block access to internet and some antivirus sites.
3.This virus Win32.Nbp is used to infiltrate computer and to hack it.
4.This virus locks your window and asks you to give password to log on.
5.it will disable taskmanager and registry editor.
6.It is a polymorphic virus which will spread from one file to another and it will make its copies.
+++++++++ Removal of WIN3/NBP.VIRUS++++++++++
Removal of win32.nbp virus is not an easy task always use an antivirus proram.
Note:
Never open automatically downloaded file from internet.Eg if you are browsing on internet and a file is automatically downloaded without you permission.
ReComended ANtIVIRUS: Avira Antivirus,Eset Smart security
