Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us




Nocana is a worm virus spreading via the Internet as an e-mail file attachment via P2P file sharing networks.
The worm contains a backdoor routine.
- opens full access to disk files and system registry keys
- sends information about infected computer
- sends cached passwords
- sends keyboard log
- downloads and executes files from Web
- changes display resolution
- runs DoS attack on several servers

Note that the real attached .EXE file name is hidden by a false .JPG extension(an "extra functionality" of MS Outlook is used to accomplish this deception).
As a result the infected .EXE file is displayed as a .JPG image file, but upon opening the attachment it is executed as a true EXE file.

The worm then installs itself to the system, runs its spreading routine and payload.
While installing the worm copies itself to the Windows directory using the name "ANACON.EXE" and registers this file in the system registry auto-run keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run AHU= %SystemDir%\ANACON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Hvewsveqmg = %SystemDir%\ANACON.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cvfjx = %SystemDir%\ANACON.EXE

The Nocana worm also terminates several anti-virus and active firewall processes.
To send infected messages the worm uses MS Outlook and sends messages to all the addresses found in the Outlook address book.

It also formats the D: drive.
Deletes all files in the current directory (in most cases - Windows system directory).
On 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th of each month the worm deletes all *.DLL, *.NLS, *.OCX files in the current directory (in most cases - Windows directory).

Automatic Removal: Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Unshackle galleries

море отдых ро&

cialis online

Adult galleries

Услуги частно

New Poke out

New install

side effects for naproxen 375mg

Moncler CESAR Blue [5098] - $301.00 : Professional Moncler Down Jacket Outlet Store,

Eroctive для потенци

Mature placement

My supplementary website

Stared different contract

Open adult galleries

Delivered matured galleries

Adult galleries

Pictures from venereal networks

My new website

Mature galleries

Форум судебны

Mature position

weird sex vids

My supplementary website

My unfamiliar website

Habitually updated photo blog with intense men

My supplementary website

Бесплатные порно фото с ежедневным обнов

Full-grown galleries

outlet jaquetas spyder

Mature galleries

SoftwareTipsandTricks, All Rights Reserved.