x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Nurech.B

Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Nurech.B
Technical name:W32/Nurech.B.worm
Threat level:Low
Alias:W32/Zhelatin,Trojan.Mespam,
Type:Worm
Effects:  

It ends several processes belonging to several security tools, downloads a variant of the Trojan Alanchum and registers itself as LSP (Layered Service Provider). It spreads via email in a message with an attached file.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Feb. 13, 2007
Detection updated on:May 22, 2007
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Nurech.B is a worm that ends several processes belonging to security tools, such as antivirus programs and firewalls, among others. It also registers itself a LSP (Layered Service Provider) in order to monitor Internet traffic.

Additionally, it downloads a variant of the Trojan Alanchum into the computer, and has rootkit functionalities, which allow it to hide its own processes.

Nurech.B spreads via email in a message with an attached file that has an EXE extension.

 

Note:
LSP (Layered Service Provider) is a Windows feature that is used to listen to all the TCP/IP traffic taking place between Internet and the applications that are accessing Internet (such as the web browser, the email client, etc.).

Within this structure, a number of programs are specified. Such programs will carry out certain actions over the TCP/IP traffic; for example, it could be specified a computer security program, which analyses the traffic in search for viruses or other threats before transferring it to the final application of the traffic.

However, this structure can also be used by certain malware, in order to intercept the communication across the Internet, and, what is worse, if they are deleted without taking precautions, the Internet connection will stop working indefinitely.

Visible Symptoms 

    

Nurech.B is easy to recognize, as it reaches the computer in an email message with the following characteristics:

  • Subject: it can be one of the following:
    A Valentine Love Song
    Be My Valentine
    Fly Away Valentine
    For My Valentine
    Happy Valentine's Day
    My Lucky Valentine
    My Valentine
    My Valentine Heart
    My Valentine Sunshine
    Send Love On Valentines
    The Valentine Love Bug
    The Valentines Angel
    Valentine Letter
    Valentine Love Song
    Valentine Sweetie
    Valentines Day Dance
    Valentines Day is here again
    Valentine's Love
    Valentine's Night
    Your Love on Valentine's
  • Message: it is empty.
  • Attachment: one of the following:
    FLASH POSTCARD.EXE
    GREETING CARD.EXE
    GREETING POSTCARD.EXE
    POSTCARD.EXE