Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us




Nocana is a worm virus spreading via the Internet as an e-mail file attachment via P2P file sharing networks.
The worm contains a backdoor routine.
- opens full access to disk files and system registry keys
- sends information about infected computer
- sends cached passwords
- sends keyboard log
- downloads and executes files from Web
- changes display resolution
- runs DoS attack on several servers

Note that the real attached .EXE file name is hidden by a false .JPG extension(an "extra functionality" of MS Outlook is used to accomplish this deception).
As a result the infected .EXE file is displayed as a .JPG image file, but upon opening the attachment it is executed as a true EXE file.

The worm then installs itself to the system, runs its spreading routine and payload.
While installing the worm copies itself to the Windows directory using the name "ANACON.EXE" and registers this file in the system registry auto-run keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run AHU= %SystemDir%\ANACON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Hvewsveqmg = %SystemDir%\ANACON.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cvfjx = %SystemDir%\ANACON.EXE

The Nocana worm also terminates several anti-virus and active firewall processes.
To send infected messages the worm uses MS Outlook and sends messages to all the addresses found in the Outlook address book.

It also formats the D: drive.
Deletes all files in the current directory (in most cases - Windows system directory).
On 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th of each month the worm deletes all *.DLL, *.NLS, *.OCX files in the current directory (in most cases - Windows directory).

Automatic Removal: Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Новинки 2017 лучш

2017 бесплатно лу

can be a unsecured guarantor loan the proper solution to fit the bill check this in the market to find out

Can you help me out? =((

learn to provide an outstanding pot regarding caffeine

Loose galleries

what is baroque music like nickelback

considerable training your dog solutions to live by

best free music downloads for android phones

Big Black Grls!Old Fat MILF !# 6654444

Mature site

make use of these tips to your property enterprise

Black Fat - Ebony moms boobs# 8847813

2017 список лучши

Sexual pictures

Further home page as throw

Fat Pussy BBW!Black Girls photo!# 8881776

Full-grown galleries

Слоты казино &

Pictures from social networks

Grown up galleries


Perfectly started new protrude

Holy macaroni! I didn't realize it would be so challenging :-/

FamilyStrokes - Alexis Fawx_720p mkv

Segway Verona 2018

Grown up galleries

???? ??? 2? 10?

Social pictures

Aleksandr Solzhenitsyn - The Gulag Archipelago Audio Book - Part 01

SoftwareTipsandTricks, All Rights Reserved.