
Netbus.160.W95

Risk Level 1: Very Low


Discovered: September 10, 1998
Updated: February 13, 2007 11:49:14 AM
Type: Trojan Horse


The Netbus.160.W95.Trojan places a reference in the Windows registry that attempts to load the infected file when Windows starts. This file, which Norton AntiVirus (NAV) detects as Netbus.160.W95.Trojan, is usually named MyComputer.exe, but at least one variant is named Hacker411.exe.



12/3/2002 2:39:19 PM -- Joel Gerstman -- <Outsourcer> -- New Suggestion
Dec. 03, 2002 -- Customer with Win XP clean install (no upgrade from Win98) had Netbus.160.W95. She had \Winnt\keyhook.dll and Kernei32.exe in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Kernei32.exe brings up a Netbus.W95.Trojan keyhook.dll link on Google.com.
Kernei32.exe is also associated with the W32.Yarner.A@mm in the Security Response Write-Ups.
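
The following check is an added example, not part of the Symantec write-up. It scans the text output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` for values that reference the file names mentioned on this page. The sample output and its value names are constructed for illustration.

```python
import re

# File names taken from the write-up and the support note on this page.
# A name match is a lead for a follow-up scan, not an identification: the note
# says Kernei32.exe is also associated with W32.Yarner.A@mm.
SUSPECT_NAMES = {"mycomputer.exe", "hacker411.exe", "kernei32.exe", "keyhook.dll"}

# One value line of `reg query` output: name, type and data, four spaces apart.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# File-name tokens ending in .exe or .dll inside a command line.
FILE_TOKEN = re.compile(r"[^\\/\"\s,]+\.(?:exe|dll)", re.IGNORECASE)

# Constructed sample output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    SysCheck    REG_SZ    C:\WINNT\KERNEI32.EXE
    Desktop    REG_SZ    C:\Windows\MyComputer.exe /nomsg
    Tools    REG_SZ    "C:\Program Files\Tools\Hacker411.exe" -s
"""


def suspicious_run_values(reg_query_output):
    """Return (value_name, data, matched_file) for Run values naming a suspect file."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        # Only string values can hold a command line.
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        data = m.group("data").strip()
        # Compare whole file names, case-insensitively, so that quoted paths,
        # arguments and upper-case 8.3-style names are all handled.
        for token in FILE_TOKEN.findall(data):
            if token.lower() in SUSPECT_NAMES:
                hits.append((m.group("name"), data, token))
    return hits


if __name__ == "__main__":
    for name, data, matched in suspicious_run_values(SAMPLE):
        print(f"Run value {name!r} references {matched}: {data}")
```
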

Protection

  • Initial Rapid Release version September 10, 1998
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version September 10, 1998
  • Latest Daily Certified version August 20, 2008 revision 016
  • Initial Weekly Certified release date pending


Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: 50 - 999
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low

Writeup By: George Koris