W32.Nohoper.7397
Aliases: W32/Nohoper-7397, I-Worm/Nohoper.7397, WORM_NOHOPER.7397, W32/
[email protected], Nohoper.7397 Internet Worm
Variants: Email-Worm.Win32.Nohoper.7397
Classification: Malware
Category: Computer Worm
Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 01 Sep 2002
Damage: Low
Characteristics: W32.Nohoper.7397 is considered as an Internet Worm that may cause data loss or other misbehavior including performance degradation. This is detected as email-Worm.Win32.Nohoper.7397 by some antivirus programs. Reports say that it will infect PE files or Portable Executable files. A good example of a Portable Executable is a screen saver (.scr) file. The virus also contains encryption codes in order for the virus to hide its track and code from several antivirus applications. Once executed, it searches for Kernel32.dll in the memory and it scrutinizes its functions so that in turn, it can also use that function for infection. When it’s successful, it consequently finds the hard drive for executable files or “.exe” files.
W32.Nohoper.7397 Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Nohoper.7397 from your computer.
More details about W32.Nohoper.7397
It randomly chooses 20 PE files in the windows system directory folder then changes the entry point of the infected file. As such, computer users may notice that the date and time stamp of all infected files are changed to the current system date and time. All platforms of Windows Operating System platforms can be affected by this virus. It also uses emails to collect files of the compromised computer. The worm automatically sends itself to the email addresses it gathers from the files on an infected computer. Mostly, it gets all the contacts from the Microsoft Outlook Address Book. The email message displays on its subject, “Some freeporn.” While on its message says, “Here is the file you asked for...” This also contains an attachment saying, “Freeporn.exe.pif.” It also makes use of the Internet Relay chat site known as mIRC to spread. If mIRC is installed on the infected system, the virus creates Mirc.ini so that the infected C:\Freeporn.exe.pif file is sent to other mIRC users. ifference is that the virus does not re-infect files. But a lot of the important files in the compromised computer are modified and will not usable.
According to some users, the W32.Nohoper.7397 program allows an intruder to remotely control the victim computer through the Internet or Local Area Network (LAN). Once the program has been installed, the intruder can send several damaging and malicious commands. These commands include deletion of files, uploading and downloading of files, and installation of other malicious programs. The intruder could also disable applications such as security programs. The W32.Nohoper.7397 program could perform computer shutdowns and restarts. The affected computer could also be used to participate in attacks on Web servers.