1. /
  2. Security Response/
  3. Neuroquila

Neuroquila

Risk Level 1: Very Low

Discovered:
August 9, 1995
Updated:
February 13, 2007 11:33:03 AM
Also Known As:
Havoc, Wedding
Type:
Virus

Neuroquila is an infectious boot sector virus. Once a computer is infected, you can see the disk drives only when the virus is in memory. If you boot the computer from a floppy disk that does not have a virus, the drives are not accessible.

Approximately three months after infection, the virus displays the following text:

by Neurobasher Germany '93/Germany -GRIPPED-BY-FEAR-UNTIL-DEATH-US-DO-PART-

The Neuroquila virus targets the antivirus programs, ThunderByte and Central Point Anti-Virus, to attempt to prevent them from detecting the virus.



For Windows XP users only
Neuroquila is an older, boot sector virus. Norton AntiVirus has provided protection against it since 1995. There have been reports of this virus being detected on new Windows XP computers from one or more manufacturers. Although it is likely that this detection is a false positive, we have not been able to reproduce this.

In many but not all cases, this has been reported in the \Prefetch folder.

If you detect Neuroquila on a computer running Windows XP, you can delete the contents of the C:\Windows\Prefetch folder. Follow these additional steps:

NOTE: This will not harm your system. The Prefetch folder is simply a record of recently accessed files that allows frequently used files to load slightly faster. On most modern computers, this is not even noticeable. In any case, Windows will rebuild the contents of this folder.
  1. Restart the computer in Safe mode. For instructions on how to do this, read the document, "How to start Windows XP in Safe Mode."
  2. Click Start, and then click My Computer.
  3. In the right pane, double-click Local Disk (C:).
  4. In the right pane, double-click Windows.

    NOTE: If the computer has been upgraded to XP, you may need to look in the Winnt folder.

  5. In the right pane, double-click Prefetch.
  6. Click Edit, and then click Select All.
  7. Press Delete, and then click Yes to confirm.
  8. Run a full system scan.
  9. Restart the computer.


Antivirus Protection Dates

  • Initial Rapid Release version August 9, 1995
  • Latest Rapid Release version August 9, 1995
  • Initial Daily Certified version August 9, 1995
  • Latest Daily Certified version August 9, 1995
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report