Troj/Nyrubot-A is a backdoor Trojan. When run the Trojan copies itself to msgsrv32.exe in the Windows folder and ensure that the copy is run each time Windows starts by adding the following registry entry:
= <Windows folder>\msgsrv32.exe.
Troj/Nyrubot-A also sets the following registry entries :
HKCU\Software\Microsoft\Windows\CurrentVersion\from = email@example.com
HKCU\Software\Microsoft\Windows\CurrentVersion\rcpt = firstname.lastname@example.org
HKCU\Software\Microsoft\Windows\CurrentVersion\smtp = data2.centrum.cz
HKCU\Software\Microsoft\Windows\CurrentVersion\tuin = 272324532
HKCU\Software\Microsoft\Windows\CurrentVersion\time_last_msg = <number>
The Trojan allows a remote attacker to control an affected computer via IRC.
One method by which this Trojan is distributed is as follows. An email in HTML format is sent. The email attempts to link to a remote website and run a script downloaded from the website. The script creates and runs the file C:\baal.exe. Baal.exe downloads an runs the Trojan from a second website. Troj/Nyrubot-A deletes C:\baal.exe.
Help, my PC with Windows 10 won't shut down properly
Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?