Win32:Necurs-E

Posted: September 5, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 7
First Seen: September 5, 2012
Last Seen: March 16, 2022
OS(es) Affected: Windows

Win32:Necurs-E is a rootkit that's designed to attack 32-bit Windows systems, although many rootkits similar to Win32:Necurs-E also include compatibility with 64-bit OSes. Win32:Necurs-E infections tend to use multiple PC threats to protect each other from deletion, and your anti-malware program may be able to detect Win32:Necurs-E but be unable to delete it initially. However, since rootkits like Win32:Necurs-E habitually compromise critical system files, SpywareRemove.com malware researchers don't recommend deleting Win32:Necurs-E's files yourself. If your anti-malware scanner of choice has problems removing Win32:Necurs-E, you should attempt a reboot in Safe Mode or a USB-based system boot, either of which can assist with the removal of high-level threats like Win32:Necurs-E.

Win32:Necurs-E – Still Going Strong After a Year in the Wild

Win32:Necurs-E was widely identified in mid-2011, although circumstantial evidence leads SpywareRemove.com malware researchers to suspect that Win32:Necurs-E is still in distribution today, and there are no indications that Win32:Necurs-E's primary attacks have become outdated. Win32:Necurs-E, like most rootkits, is designed to compromise your PC's security by creating a backdoor vulnerability while avoiding detection by hiding its code in normal system files. Backdoor-related attacks by Win32:Necurs-E can include, but aren't limited to:

  • Win32:Necurs-E may grant remote attackers access to your PC through C&C servers. These servers can be used to exert a damaging level of control over your computer and may also serve as sources of malicious files or recipients of stolen information.
  • Win32:Necurs-E may install other PC threats; this is a common feature in most rootkits and can include many types of payloads, although particularly popular types include banking Trojans and rogue security programs.
  • Security programs may be blocked by Win32:Necurs-E to prevent you from removing Win32:Necurs-E or related infections safely. Often-blocked programs include anti-virus scanners, Task Manager, the Registry Editor and firewall managers.
  • Security features can be disabled through the Registry and other methods. This can result in an enhanced vulnerability to other attacks, particularly web browser and network-based ones.

Win32:Necurs-E: Countless Names for a Single Threat

While Win32:Necurs-E's attacks are potentially severe, and its priority as a security risk shouldn't be underestimated, almost all prominent brands of anti-malware software have developed identification entries for Win32:Necurs-E. Aliases that can be used to detect Win32:Necurs-E include Trojan:WinNT/Necurs.A, Trojan.Necurs.5, TROJ_GEN.USBH17ACT, Trojan.ADH.2 and Mal/Necurs-A.

SpywareRemove.com malware researchers stress that Win32:Necurs-E isn't likely to be the only PC threat on a computer; at the very least, Trojan droppers like TrojanDropper:Win32/Necurs also have a high chance of infecting a Win32:Necurs-E-compromised PC. Anti-malware scans to remove Win32:Necurs-E should be strong enough to detect any other Trojans or other malware on your computer along with Win32:Necurs-E, or you may be unable to remove Win32:Necurs-E at all – or experience its reinstallation after Win32:Necurs-E is removed.