W32.Notech


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 08 Oct 2003
Damage: Low

Characteristics: All platforms of Windows Operating System can be attacked and infected by W32.Notech. This virus is often found in infected Wsock32.dll files. Reports say that this is where the worm intercepts all the send requests. This “.dll” file can be found in the Internet Explorer folder under Program Files.

More details about W32.Notech

If W32.Notech finds the string "POST" at the beginning of a send request, it can monitor as well as check if the request has been active for more than 41 days and 16 hours. If this is not the case, it does nothing and the worm will only connect to a port 80 on this website,” www.nop-tech.com.” This remote ability can retrieve commands from the Web page as well as steal private or confidential files or data from the compromised computer. This information may lead to the hands of the black market. Confidential email messages and or usernames and passwords can also be sold in the Internet. Remote hacking can also be destructive, having the ability to also download malware on a compromised computer. It usually does three (3) processes of infecting and damaging your computer and these areL first, “WAIT, then do nothing, or STOP, which will delete itself.”

According to some users, the W32.Notech application collects the compromised user's personal data, Internet usages, passwords for different websites, and most common search activities. It then passes this collection of data to a remote site for further use. According to analysts, oftentimes the malware invited by this program through the access point is an adware. This adware generates pop-ups and prompts to entice the user to enter certain websites and look at free trials of digital products. Free trials are often used as ways to force users to pay for downloaded products.