NGRBot
Posted: October 15, 2012
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: | 13,255 |
---|---|
Threat Level: | 5/10 |
Infected PCs: | 1,649 |
First Seen: | October 12, 2011 |
Last Seen: | September 17, 2023 |
OS(es) Affected: | Windows |
NGRBot is an alias for Dorkbot, a family of worms that malware researchers previously analyzed throughout 2011 and 2012. However, new variants of NGRBot or Dorkbot have been spotted that include additional capabilities for harming your computer. Standard NGRBot attacks have included backdoor exploits, botnet-based DDoS functions and website-blocking browser hijacks, but NGRBot's latest version appears to have been updated to include spyware attacks. These attacks steal private information from a large range of popular sites and account services, and PC users should take particular care to protect their personal information from being compromised by NGRBot infections. Removable devices and spam e-mail messages are especially at risk of serving as infection vectors for NGRBot, which should be removed by anti-malware software whenever NGRBot does succeed in installing itself on your computer.
That E-Mailed Image Doesn't Have Anything to Show You But NGRBot Infections
Variants of NGRBot have been prominent in their usage of social engineering-related spam attacks to access new PCs. While old attacks by NGRBot used social networking sites like Facebook to send their malicious links, the most recent NGRBot infection vectors use e-mail spam. These e-mail messages are designed to look like notifications from Skype and include a fake link that downloads NGRBot. NGRBot's installation file also uses the Skype icon.
Versions of NGRBot that are distributed through e-mail have been found to include additional capabilities beyond the default NGRBot or Dorkbot payloads. The SpywareRemove.com malware research team has found that NGRBot attempts to monitor online information transactions and steal personal data, such as passwords or other account credentials, from a range of websites. Websites that NGRBot targets include (but aren't limited to):
- AOL
- Dotster
- eBay
- FastMail
- Gmail
- GoDaddy
- Megaupload
- PayPal
- The Pirate Bay
- Yahoo
Examining the Full Breadth of NGRBot's Parasitism
NGRBot may also be used to force your PC to take part in traffic-flooding attacks that crash websites, to block websites that you try to access, or to make your PC complicit in distributing copies of NGRBot with spam. Poor system performance is the most likely indirect symptom of these NGRBot attacks, although SpywareRemove.com malware experts note that you may not see any signs of NGRBot at all. As a worm, NGRBot may also infect removable devices, and you should avoid sharing any USB thumb drives or similar devices until you've removed NGRBot from your computer.
NGRBot is a relatively well-distributed PC threat, and its e-mail attacks have been found to include misleading text in multiple languages such as French, German, English and Italian. As the simplest protection against NGRBot, SpywareRemove.com malware researchers caution against following unusual e-mail links or launching files before scanning them with appropriate security software. If your PC does become infected, anti-malware programs can be used to delete all copies of NGRBot.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%APPDATA%\WindowsUpdate\Updater.exe
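A triage check for the `%APPDATA%\WindowsUpdate\Updater.exe` location named above, as an added example that is not part of the original page: it looks in every local user profile for the file and reports its size, MD5 and signature status so it can be handed to anti-malware software or an analyst. The function name `Find-NgrBotUpdater` is hypothetical, and the example assumes `%APPDATA%` resolves to `AppData\Roaming` under each profile (the default on Windows Vista and later).

```powershell
# Added example (not from the original page): look for the dropped file
# %APPDATA%\WindowsUpdate\Updater.exe in every local user profile.
# Assumption: %APPDATA% is <profile>\AppData\Roaming (Windows Vista and later).
function Find-NgrBotUpdater {
    [CmdletBinding()]
    param(
        # Relative location of the indicator under each profile directory.
        [string]$RelativePath = 'AppData\Roaming\WindowsUpdate\Updater.exe'
    )

    # Win32_UserProfile lists every profile on the machine, not only the
    # one running the script; skip service profiles (Special = True).
    $profiles = Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath }

    foreach ($p in $profiles) {
        $candidate = Join-Path -Path $p.LocalPath -ChildPath $RelativePath

        # -Force so a hidden or system attribute does not hide the file.
        $file = Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
        if (-not $file) { continue }

        # Hashing can fail if the file is locked; report the hit anyway.
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm MD5 `
            -ErrorAction SilentlyContinue
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

        [pscustomobject]@{
            Profile     = $p.LocalPath
            Path        = $file.FullName
            SizeBytes   = $file.Length
            MD5         = if ($hash) { $hash.Hash.ToLower() } else { $null }
            Signature   = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
            CreatedUtc  = $file.CreationTimeUtc
            ModifiedUtc = $file.LastWriteTimeUtc
        }
    }
}

# Run from an elevated prompt so other users' profiles are readable.
Find-NgrBotUpdater | Format-List
```

No output means the file was not found in any readable profile; it does not rule out a variant installed under a different name.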