Win32.Nucleroot

Win32.Nucleroot is a rootkit Trojan.  It is able to penetrate a system secretly and will hide its processes, registry entries, and network connections, which makes it very difficult to detect.  This malware was most likely contracted through an infected e-mail, which is the most common way that it distributes itself.  It will exploit vulnerabilities in your Windows system and take full advantage of them.

AKA:
Troj/Nucleroot-C,
Backdoor.Nucleroot.C,
BKDR_NUCLEROOT.C,
Win32/Nucleroot.C,
Nucleroot.C Backdoor,
Backdoor.Win32.Nucleroot.C,
Backdoor.Win32.Nucleroot.z,
Generic.dx,
Mal/Generic-A,
Trojan-Dropper.Agent

Related Files:

c:\WINDOWS\nkit.dll,
c:\WINDOWS\shdef.exe

Recommended Action:
Remove at once.

For manual removal of Win32.Nucleroot, you should go into the Registry (regedit) and delete:

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion “shitbit” data: SOFTWARE\Microsoft\Windows\CurrentVersion\Run

2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “shdef” data: C:\WINDOWS\shdef.exe

Then you will need to delete the following files:

c:\WINDOWS\nkit.dll Size: 44,544 bytes
c:\WINDOWS\shdef.exe Size: 27,648 bytes (or any other file with this size)
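
Before deleting anything, it helps to confirm which of the listed artifacts are actually present. The PowerShell script below is an added example, not part of the original write-up or of any vendor tool; it is read-only and checks only the registry values, file names and file sizes given above. The variable names are illustrative.

```powershell
# Added example: read-only check for the Win32.Nucleroot artifacts listed above.
# It only reports what it finds and deletes nothing. Requires PowerShell 3.0+.
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# Registry values from the removal steps: key, value name, data given on the page.
$regChecks = @(
    @{ Key = $cv;       Name = 'shitbit'; Data = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Key = "$cv\Run"; Name = 'shdef';   Data = 'C:\WINDOWS\shdef.exe' }
)
# File names and sizes (bytes) from the removal steps.
$fileNames = 'nkit.dll', 'shdef.exe'
$fileSizes = 44544, 27648

$findings = @()

foreach ($c in $regChecks) {
    $prop = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $data = [string]$prop.($c.Name)
        # The value name alone is worth reporting; matching data confirms it.
        $note = 'name matches, data differs'
        if ($data -ieq $c.Data) { $note = 'name and data match' }
        $findings += [pscustomobject]@{
            Kind = 'Registry value'; Location = "$($c.Key) -> $($c.Name)"
            Observed = $data; Note = $note
        }
    }
}

# -Force includes hidden and system files. Only the top level of the Windows
# directory is scanned, because that is where the page places both files.
$candidates = Get-ChildItem -Path $env:windir -File -Force -ErrorAction SilentlyContinue
foreach ($f in $candidates) {
    $byName = $f.Name -in $fileNames
    $bySize = $f.Length -in $fileSizes
    if (-not ($byName -or $bySize)) { continue }
    # A size-only hit follows the "any other file with this size" hint and
    # needs manual review: unrelated files can share a byte count.
    $note = 'size only, review manually'
    if ($byName -and $bySize) { $note = 'name and size match' }
    elseif ($byName)          { $note = 'name matches, size differs' }
    $findings += [pscustomobject]@{
        Kind = 'File'; Location = $f.FullName
        Observed = "$($f.Length) bytes"; Note = $note
    }
}

if ($findings.Count -eq 0) { 'No listed Win32.Nucleroot artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Because this Trojan is described as hiding its registry entries, an empty result on a running system is not proof that the machine is clean.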

To remove automatically, you can try ZookaWare PC Cleaner, the spyware remover.  ZookaWare PC Cleaner is a professional anti-spyware application that guarantees to rid your system of all spyware or your money back.  Unlike many programs out there, ZookaWare PC Cleaner offers a free scan and will then work to eliminate all spyware.  For fast and effective removal, try a trusted program that works.

