Aliases: Nosys
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Feb 2002
Damage: Low

Characteristics: W32.Nosys is a Trojan that displays the message “Would you like to be protected from the virus?” Whether you click “Yes” or “No”, the Trojan always removes the “Nosystem.exe” file in the Windows folder. It then continually searches for files such as “Winhlp32.exe” and “HH.exe”. If it finds those files, it goes on to search the Windows folder for the files “Winhlp32.vir” and “Hh.vir”. If it finds those as well, it removes the two files with the “.exe” extension and renames the files with the “.vir” extension so that they now have an .exe extension. The Trojan then changes your Internet Explorer homepage to a blank page.
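
The file swap described above (an .exe deleted, then the .vir file of the same name renamed into its place) can be looked for in file-event records. The following is an added example, not code from the original entry or from any vendor; the event tuple format, the 60-second window, and the names `find_vir_swaps`, `TARGETS` and `SAMPLE_EVENTS` are assumptions made for illustration.

```python
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# File names taken from the description above; matching is case-insensitive.
TARGETS = {"winhlp32", "hh"}

# Constructed sample events (not real telemetry):
# (seconds, action, path, new_path)
SAMPLE_EVENTS = [
    (10, "delete", r"C:\WINDOWS\Nosystem.exe", None),   # not part of the swap
    (12, "delete", r"C:\WINDOWS\Winhlp32.exe", None),
    (12, "rename", r"C:\WINDOWS\Winhlp32.vir", r"C:\WINDOWS\winhlp32.exe"),
    (13, "delete", r"C:\WINDOWS\HH.exe", None),
    (13, "rename", r"C:\WINDOWS\Hh.vir", r"C:\WINDOWS\hh.exe"),
    (40, "delete", r"C:\Temp\hh.exe", None),            # delete only: no swap
    (41, "rename", r"C:\Temp\notes.vir", r"C:\Temp\notes.exe"),  # not a target
]

def _key(path):
    """Return (directory, stem, extension), lower-cased, for a Windows path."""
    stem, ext = splitext(basename(path))
    return dirname(path).lower(), stem.lower(), ext.lower()

def find_vir_swaps(events, targets=TARGETS, window=60):
    """Flag a target .exe that is deleted and then replaced by the .vir
    file of the same name, in the same directory, within `window` seconds."""
    deleted = {}  # (directory, stem) -> time the .exe was deleted
    hits = []
    # sorted() is stable, so events with equal timestamps keep their order.
    for ts, action, path, new_path in sorted(events, key=lambda e: e[0]):
        d, stem, ext = _key(path)
        if action == "delete" and ext == ".exe" and stem in targets:
            deleted[(d, stem)] = ts
        elif action == "rename" and ext == ".vir" and new_path:
            t0 = deleted.get((d, stem))
            same_slot = _key(new_path) == (d, stem, ".exe")
            if same_slot and t0 is not None and ts - t0 <= window:
                hits.append({"dir": d, "file": stem + ".exe",
                             "deleted_at": t0, "replaced_at": ts})
    return hits

if __name__ == "__main__":
    for hit in find_vir_swaps(SAMPLE_EVENTS):
        print(hit)
```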

More details about W32.Nosys

This virus usually comes as a key generator for Windows XP. Users should therefore be wary: files downloaded from an untrusted site should always be quarantined or checked before execution. It conceals itself from the user, which makes the Trojan very difficult to trace and allows it to stay resident in the background. It affects Windows system processes and hampers the regedit and msconfig processes. It also has backdoor capabilities that allow it to secretly install itself on the system and execute corrupt .exe files, in this case vnwpbns.exe files.

It is believed that the W32.Nosys application can allow remote influence on the system. It may install harmful code that may not be detected by security software. This is typically used to send spam to other users at remote sites, to steal data for identity theft or financial fraud, to launch Distributed Denial of Service attacks, to download personal documents, to modify or delete files, and to disable antivirus programs. Downloading and installing a good and effective anti-malware application may aid in removing this program from the computer.