SPYW_NSUPDATE.A
Overview



In the wild: No

Reported detections: Low

Description:

Alias: Adware-Nsupdate (McAfee)

Threat Type: Other Type

Systems Affected: Windows 95, 98, ME, NT, 2000, XP

Installer Name: NSUpdate.dll

This spyware program is a component of a malware package. It may arrive on a system via third-party applications, through malicious Web sites, or through manual installation by a user.

It is not memory-resident and does not drop any file.

It creates new Class IDs and other registry entries linked to this spyware's path and file name, which may be used by other spyware.

Solution: 


TREND MICRO SOLUTION

  • Minimum scan engine version needed: 7.100
  • TMAPTN version needed: 198.06

MANUAL REMOVAL INSTRUCTIONS

Removing Added Keys from the Registry

  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT
  3. Still in the left panel, locate and delete the key:
    NSUpdateLite.NSUpdateLiteCtrl
  4. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>CLSID
  5. Still in the left panel, locate and delete the key:
    {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
  6. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>Interface
  7. Still in the left panel, locate and delete the key:
    {DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}
  8. In the left panel, double-click the following:
    HKEY_CLASSES_ROOT>TypeLib
  9. Still in the left panel, locate and delete the key:
    {DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}
  10. Close Registry Editor.
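
The same four keys can be checked from a PowerShell prompt instead of Registry Editor. This is an added example, not part of Trend Micro's instructions; the function name Find-NsUpdateKeys and the lookup of an InprocServer32 subkey (the standard COM location for a registered DLL path) are assumptions.

```powershell
# Added example: audit, and optionally delete, the registry keys listed in the
# manual removal steps. Find-NsUpdateKeys is a hypothetical name.
function Find-NsUpdateKeys {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Without -Remove the function only reports; nothing is changed.
        [switch]$Remove
    )

    # Key paths exactly as given on this page.
    $keys = @(
        'HKEY_CLASSES_ROOT\NSUpdateLite.NSUpdateLiteCtrl',
        'HKEY_CLASSES_ROOT\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}',
        'HKEY_CLASSES_ROOT\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}',
        'HKEY_CLASSES_ROOT\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}'
    )

    foreach ($key in $keys) {
        # HKCR has no default PowerShell drive, so use the provider-qualified path.
        $path    = "Registry::$key"
        $present = Test-Path -LiteralPath $path
        $dll     = $null

        if ($present) {
            # Assumption: if the key follows the usual COM layout, the default
            # value of InprocServer32 holds the path of the registered DLL.
            $inproc = "$path\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }

            if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Delete registry key')) {
                Remove-Item -LiteralPath $path -Recurse -Force
            }
        }

        # Present reflects the state before any removal.
        [pscustomobject]@{
            Key            = $key
            Present        = $present
            InprocServer32 = $dll
        }
    }
}

# Report only.
Find-NsUpdateKeys | Format-List
```

Run `Find-NsUpdateKeys -Remove -WhatIf` from an elevated prompt to preview the deletions before making them.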

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the next procedure.

Running Trend Micro Antivirus

Download and unzip the latest spyware pattern file and scan your system. Then, delete all files detected as SPYW_NSUPDATE.A.

Details: 

It creates new Class IDs and other registry entries linked to this spyware's path and file name, which may be used by other spyware. This spyware places required data for the creation of other Class IDs in these registry keys:

HKEY_CLASSES_ROOT\NSUpdateLite.NSUpdateLiteCtrl

HKEY_CLASSES_ROOT\CLSID\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}

HKEY_CLASSES_ROOT\Interface\{DA9A0B1D-9B7B-11D3-B8A4-00C04F79641C}

HKEY_CLASSES_ROOT\TypeLib\{DA9A0B0F-9B7B-11D3-B8A4-00C04F79641C}




Analysis by: Mary Grace C. Gabriel


Description created: Jan 7, 2005



