Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Shows commercial adverts
  • Strange toolbar installed without Your permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Trojan.Nebuler

Trojan.Nebuler is wreaking havoc on many PCs. This particularly malicious application usually infiltrates a system through security exploits or via dubious means, which further facilitate the download and ultimate installation of additional malicious applications. This Trojan is known to download adware, spyware or other malware from various servers and sources on the internet. This infection is regarded as a high security risk to any PC system; therefore, you need to immediately remove it from your computer if had been detected. Important to bear in mind is the fact that the Trojan regularly carries out covert downloads onto computers, including rogue security programs. You need to delete Trojan.Nebuler from your system immediately. If you do not, it will open illicit network connections, self-mutate, potentially disable the already installed security software, and install additional malware.

According to our research, one of the versions of this malicious Trojan, Trojan:Win32/Nebuler.K, can download files into the TEMP folder from remote servers using a silent connection. This infection can connect to oberaufseher.net or savesoft.net and download password-stealing malware, such as PWS:Win32/Ldpinch.gen. Needless to say, the main goal for Trojan.Nebuler here is to open a security backdoor for other infections to come in, and, unfortunately, all of this might happen without your notice. Whether you discover this Trojan identified by Trojan.Nebuler!gen1, Backdoor.Eterok.B, or any other name, it is most likely that it will attempt to install more malicious programs. Needless to say, the more malicious threats corrupt your operating system, the more complicated the removal process will be. Of course, it is crucial that you are aware of all threats before you jump to the removal, especially if you have decided to eliminate malware manually.

Besides downloading malware, Trojan.Nebuler is also known for leaking information about compromised systems. This malicious threat has been found to leak information about hardware and your activity to here4search.biz, smart-security.biz, and content.jdial.biz. Considering that password-stealing malware could be downloaded by this Trojan, it is possible that silent connections will be used to leak your personal information. Unfortunately, this could be used to hijack your virtual accounts and steal your virtual identity. Needless to say, if this happens, schemers have endless possibilities. They can send spam emails with malware installers to your friends, and they can flood your social networking profiles with corrupted links. Due to this, once you remove this Trojan, it is wise to change the passwords of your most sensitive accounts just to make sure that schemers cannot attack in the future.

It is possible for Trojan.Nebuler to create a mutex called "m3d5rt10." Using this feature, the Trojan avoids infecting the same machine twice. Speaking of the components of this infection, our researchers have found that it uses multiple DLL files (e.g., msiuyn32.dll, msicfh32.dll, winyzz32.dll, and winkmu32.dll) that have random names. Malware can use DLL files to inject malicious code, perform hooking techniques, etc. This Trojan also runs a few executables that, as we have found, use the names of files that belong to authentic software. PlusShell.exe is a Trojan file that uses the name of a file created by Zeon International Investment Corp. SecCenter.exe is another malicious file whose name was taken from a file that belongs to a legitimate security tool. This method is used to conceal malware and make it more difficult to delete it. Needless to say, if you attempt to delete these files, make sure that they are the malicious ones.

The removal of malware is never easy, and Trojans capable of concealing themselves are particularly difficult to eliminate. Of course, it is possible to remove Trojan.Nebuler, and every user dealing with this malicious threat needs to get rid of it as soon as possible. It is difficult to remove one Trojan, but what if your operating system is infected with other malicious infections? In that case, you need to be very careful about the steps you make. If you waste time trying to delete malicious components one by one, it is likely that you will suffer the consequences of malicious activity. We advise manual removal only if you know what to do, and you are sure you can successfully perform all tasks. In that case, use the list below to see which files and registries require removal. If you are not as confident, use automated malware removal software.

Download Spyware Removal Tool to Remove* Trojan.Nebuler
  • Quick & tested solution for Trojan.Nebuler removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.Nebuler

Files associated with Trojan.Nebuler infection:

winkmu32.dll
PlusShell.exe
msiuyn32.dll
msicfh32.dll
msinzh32.dll
msiecb32.dll
msiyjn32.dll
msiqkd32.dll
msicqd32.dll
msinvu32.dll
winwvw32.dll
winyzz32.dll
winkmu32.dll
winowl32.dll
winbfi32.dll
winepi32.dll
winrvc32.dll
wineak32.dll
SecCenter.exe

Trojan.Nebuler DLL's to remove:

winkmu32.dll
msiuyn32.dll
msicfh32.dll
msinzh32.dll
msiecb32.dll
msiyjn32.dll
msiqkd32.dll
msicqd32.dll
msinvu32.dll
winwvw32.dll
winyzz32.dll
winkmu32.dll
winowl32.dll
winbfi32.dll
winepi32.dll
winrvc32.dll
wineak32.dll

Trojan.Nebuler processes to kill:

PlusShell.exe
SecCenter.exe

Remove Trojan.Nebuler registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wineak32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\winepi32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\winkmu32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\winyzz32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winowl32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbfi32
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\Software\Microsoft\Windows NT\C
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.