Win32/NopleMento [Threat Name]

Win32/NopleMento.A [Threat Variant Name]

Category: trojan
Size: 141312 B
Detection created: Aug 13, 2015
Detection database version: 12089

Short description

Win32/NopleMento.A is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %windir%\system32\%variable1%\%variable2%\%variable3%.dat

The following files are modified:

  • %windir%\%variable4%\dnsapi.dll

A string with variable content is used instead of %variable1-4%.

Other information

Win32/NopleMento.A is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.


The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\RunOnce]
    • "cmdrun" = "cmd.exe /C ipconfig /flushdns"
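
A read-only check for the two fixed indicators listed above (the RunOnce value and a modified dnsapi.dll), added here as an example; it is not ESET's code. It assumes PowerShell 5.1 or later and that the RunOnce key is the standard HKLM\Software\... location, since the page prints the path without "Software".

```powershell
# Added triage example, not ESET code. Read-only: it reports and changes nothing.
# Assumes PowerShell 5.1+, where Get-AuthenticodeSignature also validates
# catalog-signed Windows binaries such as dnsapi.dll.
$findings = @()

# 1) RunOnce value named on the page. Assumption: the key is the standard
#    HKLM\Software\...\RunOnce (the page prints the path without "Software");
#    the 32-bit registry view is checked as well.
$runOnceKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runOnceKeys) {
    $entry = Get-ItemProperty -Path $key -Name 'cmdrun' -ErrorAction SilentlyContinue
    if ($null -ne $entry) {
        $findings += [pscustomobject]@{
            Indicator = 'RunOnce value "cmdrun"'
            Location  = $key
            Detail    = [string]$entry.cmdrun
        }
    }
}

# 2) The page lists %windir%\%variable4%\dnsapi.dll as modified, so check the
#    signature of every dnsapi.dll one directory below %windir%.
$dlls = Get-ChildItem -Path $env:windir -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path -Path $_.FullName -ChildPath 'dnsapi.dll' } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf -ErrorAction SilentlyContinue }
foreach ($dll in $dlls) {
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid') {
        $findings += [pscustomobject]@{
            Indicator = 'dnsapi.dll signature not valid'
            Location  = $dll
            Detail    = [string]$sig.Status
        }
    }
}

# The .dat file on the page has a fully variable path, so it is not matched here.
if ($findings.Count -eq 0) {
    Write-Output 'No NopleMento.A indicators from this page were found.'
} else {
    $findings | Format-List
}
```

Windows deletes RunOnce values when it runs them, so a missing "cmdrun" value after a reboot does not rule the trojan out. A dnsapi.dll whose signature is not valid is a lead for further analysis rather than proof of infection.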

The trojan may display the following dialog windows:
