Should I remove "Worm:Win32/Nuqel.TB"?

The Worm:Win32/Nuqel.TB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm:Win32/Nuqel.TB virus can do?

Reads data out of its own binary image
Attempts to modify Internet Explorer’s start page
Performs some HTTP requests
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself

Related domains:

h1.ripway.com

www.balu000.0catch.com

www.balu001.0catch.com

www.balu002.0catch.com

www.balu003.0catch.com

www.balu004.0catch.com

www.balu005.0catch.com

www.balu006.0catch.com

www.balu007.0catch.com

www.balu008.0catch.com

www.balu009.0catch.com

www.balu010.0catch.com

www.balu011.0catch.com

www.balu012.0catch.com

www.balu013.0catch.com

How to determine Worm:Win32/Nuqel.TB?


File Info:
crc32: 8F620942
md5: 0cb34c247f1ec950c81c3ca9a84defd2
name: 0CB34C247F1EC950C81C3CA9A84DEFD2.mlw
sha1: f6f60325a8a2061d6a08e1589a6b36497913434d
sha256: 10f20158f5a957551e63be8fda63982d3655892fd380081462e6bb5166299c35
sha512: e391e3267ed99011eed2409eeaa7768afa2cda6609662577195d5118a36e6e279811e9e7ed5b31d9587a941ad6e30146e7360b5fabb42c94b72fe52a80eceb31
ssdeep: 6144:Ppqoa8aLiC/2OLaAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnC:PpqiC/2OeAtkCP4cejGSOpRK3C1SSr
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Company: Microsoft Corporation
Product Name: Microsoftxae Windowsxae Operating System
Product Version: 6.00.2900.2180
Original File name: System32.exe
Internal Name: System32
Translation: 0x0809 0x04b0

Worm:Win32/Nuqel.TB also known as:

K7AntiVirus	EmailWorm ( 0008b4a71 )
Lionic	W32.W.AutoRun.llU2
TotalDefense	Win32/FakeFLDR_i
MicroWorld-eScan	Gen:Trojan.Heur.AutoIT.15
CAT-QuickHeal	Worm.Tupym.A5
Cylance	Unsafe
Zillya	Worm.Autorun.Win32.79560
CrowdStrike	malicious_confidence_100% (D)
K7GW	EmailWorm ( 0008b4a71 )
Cybereason	malicious.1b8fb7
TrendMicro	WORM_SOHAND.SM
Baidu	Win32.Trojan.AutoIt.a
Cyren	W32/AutoIt.AG.gen!Eldorado
Symantec	W32.Imaut!gen1
ESET-NOD32	Win32/Autoit.EB
Avast	AutoIt:AutoRun-B@BC [Wrm]
ClamAV	Win.Worm.Autorun-313
GData	Win32.Worm.Autorun.A@gen
Kaspersky	Worm.Win32.AutoRun.fnc
BitDefender	Gen:Trojan.Heur.AutoIT.15
NANO-Antivirus	Trojan.Script.Autorun.ddaffd
Tencent	Worm.Win32.Autorun.fnc
Ad-Aware	Gen:Trojan.Heur.AutoIT.15
Sophos	W32/AutoRun-BUC
F-Secure	Gen:Trojan.Heur.AutoIT.15
DrWeb	Trojan.StartPage.31354
VIPRE	Worm.Win32.Tupym.A (v)
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Tupym.dm
Emsisoft	Gen:Trojan.Heur.AutoIT.15 (B)
SentinelOne	static engine – malicious
F-Prot	W32/AutoIt.AG.gen!Eldorado
Endgame	malicious (high confidence)
Avira	TR/Patched.Ren.Gen
Microsoft	Worm:Win32/Nuqel.TB
Jiangmin	Trojan.Generic.adpae
Arcabit	Trojan.Heur.AutoIT.15
SUPERAntiSpyware	Trojan.Agent/Gen-Virut
ZoneAlarm	Worm.Win32.AutoRun.fnc
AhnLab-V3	HEUR/Fakon.mwf
McAfee	W32/Tupym.worm
AVware	Worm.Win32.Tupym.A (v)
MAX	malware (ai score=85)
VBA32	Trojan-Downloader.Autoit.gen
Malwarebytes	Worm.AutoRun.FLD
Panda	Trj/Autoit.gen
TrendMicro-HouseCall	WORM_SOHAND.SM
Rising	Worm.VobfusEx!1.99DF (CLASSIC)
Yandex	Trojan.Autorun!VgV/xk+eV94
Ikarus	Worm.Win32.AutoRun
Fortinet	W32/AutoVt.AAAD!tr
AVG	AutoIt:AutoRun-B@BC [Wrm]
Qihoo-360	Malware.Radar01.Gen

How to remove Worm:Win32/Nuqel.TB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Worm:Win32/Nuqel.TB”?