nanocore malspam Removal Guide

Do you know what nanocore malspam is?

If you have recently opened a weird file attachment sent via email, there is a good chance that nanocore malspam has entered your Windows operating system. Also known as Trojan.Nanocore, it is a remote access tool (RAT) that was created to take control of the system and build a botnet. A botnet is a collection of infected systems that can later be used to perform massive attacks using their combined resources. The infamous Nanocore Trojan has been around since 2012/2013, and it is sold to anyone interested. Depending on the source, the price appears to range from $20 to $25. Because of this, there are many different versions of this malware, at different scales. That makes researching and removing nanocore malspam much more difficult. That being said, we hope that the data presented in this report and our removal tips will assist you.

The malicious nanocore malspam is spread using phishing emails. Now, who would open them? In fact, it is easy to fall for the scam because cyber criminals know how to create believable and attractive emails that simply call for action. In one example, the email set up to spread the RAT urged the recipient to confirm an order. Attached to the email was a file with a Word Document icon. In reality, it was an RTF file. In other examples, we have seen nanocore malspam being delivered using EXE files within ZIP archives, as well as fake PDF files with embedded JavaScript. In most cases, the files are successfully executed by exploiting known vulnerabilities, such as the Microsoft Equation Editor vulnerability (CVE-2017-11882). The same vulnerability has been exploited by RokRAT, LokiBot, FormBook, and other threats too. Obviously, if you do not remove the file before it is executed, you are doomed to be exposed to the RAT.

According to researchers, once the vulnerability is detected, nanocore malspam is executed, and a copy of it is created too. In one example, the copy was created in the %APPDATA% directory. The RAT created a bunch of files and modified the Windows Registry to accommodate itself. Using the plugins this malware employs, it can log keystrokes and mouse clicks, record video via webcam, and capture screenshots to spy on users and, potentially, steal highly sensitive, even classified, information. nanocore malspam can also download and delete files, edit the Registry, modify the Firewall, and, basically, make a joke out of victims’ virtual security. Without a doubt, it is crucial to ensure that your operating system is always protected and that you yourself start acting cautiously the moment you turn on your computer.

Although the author of the malicious Nanocore Trojan has been caught and is now serving prison time, new variants of the RAT keep emerging, and that is unlikely to be stopped any time soon. If you have opened a strange spam email recently, you need to scan your operating system immediately to check if you need to delete nanocore malspam. If you do, we suggest installing an anti-malware program that would keep your system safe and that would automatically remove the RAT itself. So, what will you do? If you need to ask us questions or you require assistance, the comments section is open.

Remove nanocore malspam

  1. Launch Explorer by tapping Win+E keys.
  2. Enter %APPDATA% into the field at the top to access the directory.
  3. Delete unfamiliar .EXE and .VBS files, as well as unfamiliar folders.
  4. Enter %TEMP% into the field at the top and repeat step 3.
  5. Enter %PROGRAMFILES% (or %PROGRAMFILES(X86)%) into the field at the top.
  6. Delete a folder named IMAP Service.
  7. Launch RUN by tapping Win+R keys.
  8. Type regedit.exe and click OK to launch Registry Editor.
  9. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Delete the value called filename.vbs.
  11. Close all windows and then Empty Recycle Bin.
  12. Install a reliable malware scanner and run a full system scan to check for leftovers.
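
The locations named in the steps above can be listed before anything is deleted. The following PowerShell is an added example, not part of the original guide: it is read-only, the function name Get-NanocoreLeftover and the 30-day window are assumptions, and the Run-key flagging rule (values that mention .vbs, AppData or Temp) is a heuristic chosen for illustration.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# It lists candidates for manual review and deletes nothing.
function Get-NanocoreLeftover {            # hypothetical name
    param([int]$Days = 30)                 # assumption: look at recently changed files only
    $cutoff = (Get-Date).AddDays(-$Days)

    # Steps 2-4: .exe and .vbs files under %APPDATA% and %TEMP%
    foreach ($root in @($env:APPDATA, $env:TEMP)) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in @('.exe', '.vbs') -and $_.LastWriteTime -ge $cutoff } |
            ForEach-Object {
                # Signature status helps separate vendor-signed updaters from unknown files
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Source = 'File'
                    Item   = $_.FullName
                    Detail = "modified $($_.LastWriteTime.ToString('s')); signature $($sig.Status)"
                }
            }
    }

    # Steps 5-6: the "IMAP Service" folder under either Program Files directory
    foreach ($pf in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if (-not $pf) { continue }
        $dir = Join-Path -Path $pf -ChildPath 'IMAP Service'
        if (Test-Path -LiteralPath $dir -PathType Container) {
            [pscustomobject]@{ Source = 'Folder'; Item = $dir; Detail = 'folder named in step 6' }
        }
    }

    # Steps 9-10: values in the per-user Run key; flag .vbs or AppData/Temp targets
    $key = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            $flag = if ("$name $value" -match '\.vbs|\\AppData\\|\\Temp\\') { 'REVIEW' } else { 'listed' }
            [pscustomobject]@{ Source = 'RunValue'; Item = $name; Detail = "${flag}: $value" }
        }
    }
}

Get-NanocoreLeftover | Sort-Object Source, Item | Format-Table -AutoSize -Wrap
```

Legitimate software also keeps executables under %APPDATA% and registers Run values, so treat the output as a list to review, not a list to delete.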

In non-techie terms:

You need to remove nanocore malspam from your operating system if it has managed to slither in because the security of your entire system and your own virtual security could be greatly affected by this remote access tool. It is best to delete the infection using anti-malware software because it can also provide full-time protection in the future, and that is incredibly important for your safety. Another option is to delete the threat manually, but since there are many different variants of it, we cannot guarantee that you will succeed or that the guide above will be relevant to you. In the future, if you want to avoid nanocore malspam, make sure you are extra cautious about spam emails. Also, it is crucial that you install updates and secure your system (another reason to install anti-malware software) to ensure that no backdoors exist that cyber criminals could exploit.