Win32/Nuqel.E Description

The Win32/Nuqel.E infection is a worm known to target Windows systems from 2K on up, and may disable important utility programs like the Control Panel. On the other hand, Win32/Nuqel.E is also used as a fake alert by known rogue anti-spyware products, so don't jump to conclusions the instant you see Win32/Nuqel.E detected on your system! Ultimately, either result does mean that your computer is infected, albeit not necessarily by Win32/Nuqel.E. Not deleting Win32/Nuqel.E or the rogue anti-virus program that caused the Win32/Nuqel.E alert will result in a computer that could be called severely dysfunctional at best, so don't hold back on removing that malware.

Win32/Nuqel.E is a Message-Friendly Danger

As a worm, Win32/Nuqel.E may be capable of distributing itself through Autorun exploits involving network-shared folders and removable hard drive devices. What's confirmed is that Win32/Nuqel.E can gather your contacts from Yahoo Instant Messenger and then spam those contacts with messages containing copies of itself. Keeping your Yahoo-based contacts aware of any potential infection is the first thing you should do to keep Win32/Nuqel.E from spreading to other systems.

Win32/Nuqel.E can sneak onto Windows 9X, 2K, XP, Vista and even the newer Windows 7 operating system. Win32/Nuqel.E is also detected by the names of W32/YahLover.worm, Worm:Win32/Sohanad.F, WORM_IMAUT.E, W32.Imaut.N and Troj/Tiotua-D.

The foremost threat from a genuine Win32/Nuqel.E infection is without a doubt its program-interrupting functions. Win32/Nuqel.E has been caught shutting down everything from Control Panel and Task Manager to Folder Options and the Registry Editor. All of these are necessary to maintain your computer in a healthy state, which turns Win32/Nuqel.E into a non-negligible threat.

Win32/Nuqel.E's Favorite Scapegoat

There's another side to Win32/Nuqel.E, though, and that's its life as a false positive detection. Known rogue anti-virus products like Spyware Protect 2009 and Antivirus System PRO will use false Win32/Nuqel.E detections to encourage the user into performing self-destructive acts. Some common text used in these alerts is as follows:

“Spyware Protect 2009 alert. INFILTRATION ALERT. Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a Trojan-dropper or similar. DETAILS. Attack from:, port 34940. Attacked port: 50507. Threat: Win32/Nuqel.E. Do you want to block this attack?”

Rogue products that falsely detect Win32/Nuqel.E and other nonexistent infection incidents are responsible for a variety of system attacks. Primary attack methods tend to consist of more false alerts, misleading scanning results, browser hijacks and disabled security programs.

Regardless of which problem you're dealing with, the real Win32/Nuqel.E or an imposter, a Win32/Nuqel.E detection is always trouble. You should respond in the same way in either case, with a swift Safe Mode reboot and appropriate use of real anti-malware programs.


Win32 Nuqel.e

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %WINDOWS%\sysguard.exe
    2 %WINDOWS%\system32\iehelper.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\AvScanHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "system tool"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Win32/Nuqel.E may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Posted: June 8, 2009
Home Malware Programs Trojans Win32/Nuqel.E


Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.