Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
16 Oct 2004
W32.Narcs is a worm that propagates through Internet Relay Chat, Imesh and Kazaa file-sharing networks. In doing such, the worm is known for downloading and automatically opening a “W32.Spybot.Worm.” One of its unique abilities is that it removes files and processes as well as increases security outbreak by tweaking the compromised computer’s security settings. It creates these files: “Age of Empires crack.exe,” Age of Empires.exe,” CD Key.exe,” Counter Strike 6.exe,” Counter Strike.exe,” Grand Theft Auto 3 CD2 ISO.exe,” Half-Life.exe,” Hotmail Hack.exe,” Hotmail account cracker.exe,” KeyGen.exe,” Microsoft Office.exe,” Norton Anti Virus 2004.exe,” Norton Anti Virus 2005.exe,” Norton Anti Virus Crack.exe,” Norton Firewall.exe,” Norton Internet Security 2004.exe,” Partition Magic 8.exe,” Playstation 2.exe,” Resident Evil.exe,” Scran.cpl,” Tomb Raider.exe,” Trojan Remover.exe,” Windows XP Home.exe,” Yahoo Hack.exe,” ZoneAlarm Firewall Pro.exe” and “Scran.exe.”
W32.Narcs Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Narcs from your computer.
More details about W32.Narcs
It is also called a memory resident worm which is very popular with mIRC and other peer-to-peer (P2P) applications, such as BearShare Kazaa, Kazaa Lite and Kazaa Media Desktop. It also modifies hosts files. Antivirus and security labeled websites will be hampered and even prevented when this worm is already present. Registry keys are also being tweaked and this prevents the computer from doing certain tasks such as, running programs through the Run command, running Registry Editor and Running Task Manager. Other applications or programs may also become inoperable because it has the ability to disable certain actions like closing Internet Explorer windows, file opening, saving, and printing functionalities of Internet Explorer and notifying for new Windows update components and firewall- and antivirus-related events.
It is believed that theW32.Narcs program can perform several malicious actions. These include flooding of mailboxes and the IRC channels, termination of system processes and viewing of computer system information, such as installed software and running applications. Some users have also reported that this malware can execute scripts and programs on the victim computer, upload and download files, search for files on the compromised machine, execute commands on command.com and scan computers with LSASS vulnerability.