Nometz.b
Nometz.b is a macro virus that infects all opened Microsoft Word documents. The spyware modifies Microsoft Word essential macro security settings, hides certain menu options and disables some application components. Nometz.b searches infected documents for certain strings and, if any of them are found, copies files to C:WindowsSystem directory and changes their extension to .jpg. Then it silently uploads these files to a predetermined FTP server. Such virus behavior causes a disclosure of user confidential information. After documents were successfully uploaded, Nometz.b removes all the .jpg images in C:WindowsSystem directory and temporarily restores default Microsoft Word security features.
File System Modifications
- The following files were created in the system:
# File Name 1 c[X]d.bat 2 c[X]d.ftp 3 cdrom.dot
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0WordSecurityAccessVBOM=1HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0WordSecurityDontTrustInstalledFiles=""HKEY_CURRENT_USERSoftwareMicrosoftOffice10.0WordSecurityLevel=1
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.