
Worm.Nuwar

Posted: June 23, 2011

Worm.Nuwar is a worm that's installed by dropper Trojans from the Nuwar family. Once installed, Worm.Nuwar will infect native processes to recruit your computer into a private file-transferring network, harvest email addresses from your computer and then spam those addresses with messages that contain attached copies of Worm.Nuwar. Because of the near-certainty of Trojans infecting any computer that has a Worm.Nuwar infection, you should delete Worm.Nuwar and related threats by scanning your PC with an updated anti-malware scanner.

The Multiple and Stealthy Arms of a Worm.Nuwar Attack

Worm.Nuwar is only a portion of a Nuwar-based attack that uses the Worm.Nuwar worm in conjunction with multiple Win32/Nuwar.gen or W32/Nuwar@MM dropper Trojans to harm your PC. These Trojans and worms were both seen in 2007 but have infected computers as recently as 2011, and any Worm.Nuwar infection should still be considered to be a high-level threat.

Any Worm.Nuwar worm is installed by one of the aforementioned Trojans, which may themselves be only one Trojan in a chain of several. Worm.Nuwar files use random file names, hide in your Windows folder to avoid detection, and even use the .sys extension to pose as part of your Windows operating system.

Worm.Nuwar .dll files also go so far as to inject themselves into native processes in memory, so that you can't see them as separate running processes while they're active. Driver-related components of Worm.Nuwar also try to conceal themselves while launching on Windows startup, although this concealment technique only works on Windows XP and older versions of Windows.

What Worm.Nuwar Wants with Your PC

The main purpose of a Worm.Nuwar infection is to enlist your computer into a private peer-to-peer file-transferring network. This lets Worm.Nuwar upload information from your PC or download malicious files onto your PC while Worm.Nuwar bypasses your network security.

Worm.Nuwar will also try to harvest email addresses to send itself to other computers. Files under 122k in size will be scanned for potential email address information, and Worm.Nuwar will make an effort to avoid government and high-security addresses like those containing references to Microsoft or .gov suffixes.

Unlike some worms, Worm.Nuwar doesn't use the infected computer's account as the sending address. Instead, Worm.Nuwar will pretend to send itself from a random yahoo.com name. Worm.Nuwar email messages can be identified by a blank text body and controversial subject lines like:

  • 230 dead as storm batters Europe
  • Naked teens attack home director
  • USA Declares War on Iran
  • USA Missle [sic] Strike: Iran War just have [sic] started

Worm.Nuwar will be present in the form of an .exe attachment with names like 'Read More.exe,' 'Click Me.exe,' 'News.exe' or 'Video.exe.'
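The message traits described above (yahoo.com sender, listed subject lines, blank body, .exe attachment) can be checked mechanically on a mail gateway or in a quarantine folder. The following is an added example, not code from the original page; the function name, the indicator labels and the sample message are constructed for illustration.

```python
import email
from email import policy

# Subject lines and attachment names listed above (editorial "[sic]" marks dropped).
SUBJECTS = {
    "230 dead as storm batters europe",
    "naked teens attack home director",
    "usa declares war on iran",
    "usa missle strike: iran war just have started",
}
ATTACHMENTS = {"read more.exe", "click me.exe", "news.exe", "video.exe"}

SAMPLE = (  # constructed message for illustration, not a captured specimen
    b"From: qwerty123@yahoo.com\r\n"
    b"Subject: USA Declares War on Iran\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Read More.exe"\r\n\r\n'
    b"placeholder bytes\r\n--b1--\r\n"
)


def nuwar_indicators(raw: bytes) -> list:
    """Return which of the described traits a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    sender = msg["From"]
    if sender is not None and any(a.domain.lower() == "yahoo.com" for a in sender.addresses):
        hits.append("yahoo_sender")
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("known_subject")
    # A missing text part counts as a blank body, as does one with only whitespace.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("blank_body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("known_attachment")
        elif name.endswith(".exe"):
            hits.append("exe_attachment")
    return hits


if __name__ == "__main__":
    print(nuwar_indicators(SAMPLE))
```

A yahoo.com sender or an empty body alone is common in legitimate mail, so the labels are most useful in combination with an executable attachment.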

As a final attack on your security, Worm.Nuwar will also try to stop processes that are related to well-known security programs. This may disable basic Windows programs like Task Manager or anti-malware software such as anti-virus scanners. You should detect and delete Worm.Nuwar and all Worm.Nuwar's copies by using these programs whenever possible; this can be achieved by using Safe Mode to disable Worm.Nuwar's security-blocking habits.

File System Modifications

  • The following files were created in the system:
    #  File Name    File Size (bytes)  File Hash
    1  asam.exe     N/A                N/A
    2  dllhost.exe  276,840            16875078fab6508791590b9c9b8eabcf

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COM+ System Applications
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ asam