Welcome to the Virus Encyclopedia of Panda Security.
It hides the Excel documents of the computer and makes copies of them using the same name as the original files, but with an VBS extension. It also disables applications such as the Task Manager and the Windows Registry Editor. It prevents the user from accessing the Internet through the Internet Explorer and Firefox browsers. It spreads via the mapped and removable drives.
|First detected on:||Oct. 23, 2007|
|Detection updated on:||Oct. 30, 2007|
|Yes, using TruPrevent Technologies
Nama.A is a worm that hides the Excel documents of the affected user and makes copies of them using the same name as the original files, but with an VBS extension. It also hides the file extensions so that the user is not aware that the documents are copies of the worm and runs them.
Additionally, it carries out several modifications in the Windows Registry, which prevent the user from carrying out the following actions, among others:
- Viewing the processes that are being run through the Task manager.
- Doing searches and running files in a fast and straight way, as it disables the options Search and Run from the Start menu.
- Accessing the Internet through the Internet Explorer and Firefox browsers.
Nama.A spreads making copies of itself in the mapped and removable drives.
Nama.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, if Windows Me/98/95 is installed on your computer, an MS-DOS window is displayed with the following message: