Neuroquila


Risk Level 1: Very Low

August 9, 1995
February 13, 2007 11:33:03 AM
Also Known As: Havoc, Wedding

Neuroquila is an infectious boot sector virus. Once a computer is infected, you can see the disk drives only when the virus is in memory. If you boot the computer from a floppy disk that does not have a virus, the drives are not accessible.

Approximately three months after infection, the virus displays the following text:

by Neurobasher Germany '93/Germany -GRIPPED-BY-FEAR-UNTIL-DEATH-US-DO-PART-

The Neuroquila virus targets the antivirus programs ThunderByte and Central Point Anti-Virus in an attempt to prevent them from detecting it.

For Windows XP users only
Neuroquila is an older boot sector virus. Norton AntiVirus has provided protection against it since 1995. There have been reports of this virus being detected on new Windows XP computers from one or more manufacturers. Although it is likely that this detection is a false positive, we have not been able to reproduce this.

In many but not all cases, this has been reported in the \Prefetch folder.

If you detect Neuroquila on a computer running Windows XP, you can delete the contents of the C:\Windows\Prefetch folder.

NOTE: This will not harm your system. The Prefetch folder is simply a record of recently accessed files that allows frequently used files to load slightly faster. On most modern computers, this is not even noticeable. In any case, Windows will rebuild the contents of this folder.

Follow these additional steps:

  1. Restart the computer in Safe mode. For instructions on how to do this, read the document, "How to start Windows XP in Safe Mode."
  2. Click Start, and then click My Computer.
  3. In the right pane, double-click Local Disk (C:).
  4. In the right pane, double-click Windows.

    NOTE: If the computer has been upgraded to XP, you may need to look in the Winnt folder.

  5. In the right pane, double-click Prefetch.
  6. Click Edit, and then click Select All.
  7. Press Delete, and then click Yes to confirm.
  8. Run a full system scan.
  9. Restart the computer.
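
Because the detection is suspected to be a false positive, it helps to record exactly which Prefetch files were present before emptying the folder. The following is an added example, not part of the original write-up or any Symantec tool: it inventories a Prefetch folder (file name, size, SHA-256 and, where present, the executable name stored in the file header) and deletes the files only when asked. The header layout used (4-byte version, `SCCA` signature, executable name at offset 0x10) is an assumption based on the publicly documented Windows XP prefetch format, and the sample folder is constructed.

```python
import hashlib
import os
import struct
import tempfile

def describe_pf(path):
    """Return name, size, SHA-256 and (if present) prefetch header fields of one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    info = {
        "file": os.path.basename(path),
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "format_version": None,
        "executable": None,
    }
    # Assumed header layout: version (4 bytes), "SCCA", then at offset 0x10 the
    # executable name as UTF-16LE in a 60-byte field (version 17 on Windows XP).
    if len(data) >= 0x4C and data[4:8] == b"SCCA":
        info["format_version"] = struct.unpack_from("<I", data, 0)[0]
        name = data[0x10:0x4C].decode("utf-16-le", errors="replace")
        info["executable"] = name.split("\x00", 1)[0]
    return info

def inventory_and_clear(prefetch_dir, delete=False):
    """Record every regular file in prefetch_dir; delete them only if delete=True."""
    records = []
    for entry in sorted(os.listdir(prefetch_dir)):
        path = os.path.join(prefetch_dir, entry)
        if not os.path.isfile(path):
            continue  # leave subfolders untouched
        records.append(describe_pf(path))
        if delete:
            os.remove(path)
    return records

def make_sample_dir():
    """Constructed stand-in for a Prefetch folder: one .pf file and Layout.ini."""
    d = tempfile.mkdtemp()
    header = struct.pack("<I", 17) + b"SCCA" + b"\x00" * 8
    header += "NOTEPAD.EXE".encode("utf-16-le").ljust(60, b"\x00")
    with open(os.path.join(d, "NOTEPAD.EXE-00000000.pf"), "wb") as fh:
        fh.write(header + b"\x00" * 32)
    with open(os.path.join(d, "Layout.ini"), "wb") as fh:
        fh.write(b"[OptimalLayoutFile]\r\n")
    return d

if __name__ == "__main__":
    for rec in inventory_and_clear(make_sample_dir(), delete=True):
        print(rec)
```

Keep the inventory output with the scan log so the flagged file can be matched by name and hash if the detection needs to be reported.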

Antivirus Protection Dates

  • Initial Rapid Release version August 9, 1995
  • Latest Rapid Release version August 9, 1995
  • Initial Daily Certified version August 9, 1995
  • Latest Daily Certified version August 9, 1995
  • Initial Weekly Certified release date pending