nanocore malspam Removal Guide

Do not let nanocore malspam reign inside your Windows operating system. If it has found its way in, you must remove it as soon as possible. If you are not quick, it could start spying on you and record private information using many different mediums that are further discussed in this report. The malware can be used to transfer this data to a remote server, where cyber criminals could use it to create scams, steal money, as well as come up with ways to blackmail and torture affected users. Unfortunately, deleting nanocore malspam has proven to be a challenge to most users, primarily because this threat can hide itself. Most victims are not aware of the existence of this malicious threat at all, and that is one of its greatest strengths. Hopefully, once you read this report, you will be able to detect and eliminate this malware, and, most important, protect your operating system against malware attacks in the future.

The malicious nanocore malspam is one of the many variants of the infamous Trojan.Nanocore. This Trojan was first discovered in 2012, and its malicious code was sold, reportedly, for 20 USD. The threat was created by Taylor Huddleston – known by the alias Aeonhacks – and he was arrested in 2016 for selling malware. The hacker was sent to prison for 33 months in 2018. Unfortunately, that does not mean that the malicious nanocore malspam was stopped. The malicious code could be resold or reused by cyber criminals who had already paid for it in the past. Unfortunately, the Nanocore Trojan was recognized as one of the most dangerous and sophisticated threats, and it could put victims and their personal privacy at serious risk. Once executed, this malware could take over the webcam to spy on users, record keystrokes to log passwords, usernames, and other sensitive data, capture screenshots to gather information, and even disrupt the activity of firewall and security software. Without a doubt, this is the kind of malware that users need to remove from their operating systems as soon as possible. Who is the target? Unfortunately, you might have to delete the treat even if you are not part of any organization or company, which are often the targets of RATs (remote access tools).

According to our research, spam emails are the primary distribution vessels for nanocore malspam. The phishing emails are sent to anyone whose email address is obtained. Cyber criminals cast a net as wide as possible because only a small portion of them actually fall for the scam. The launcher of the RAT is concealed using a file attachment that is presented via the misleading email message. In most cases, these files look like your regular .DOC, .PDF, or .ZIP files. Of course, in reality, they represent malicious launchers. Evidently, nanocore malspam exploits known vulnerabilities to ensure successful execution. For example, it is known that the Microsoft Equation Editor vulnerability (code CVE-2017-11882) was employed in the past. Once the original launcher is executed, the rest of the files necessary for the attack are downloaded silently. This is when the malicious RAT is supposed to start gathering data, removing or creating files, or transmitting information to and communicating with remote servers. You must not forget about that even when you remove the threat.

Was your virtual security jeopardized by nanocore malspam? If you found it, there is a chance that personal data was leaked already. Quickly delete this malicious remote access tool and then move on to change your passwords and secure your accounts. Be particularly cautious about apps and accounts that could be used to steal your money (e.g., online banking accounts). When it comes to nanocore malspam removal, you might be able to use the instructions below, but since many different variants might exist, we strongly recommend using anti-malware software instead. Install it once, and you will not need to worry about the protection of your operating system or the elimination of malicious threats again. Of course, you must not forget to update your operating system and installed software – which includes anti-malware software – to ensure that cyber criminals cannot exploit any vulnerabilities!

How to delete nanocore malspam

1. Right-click and Delete unfamiliar folders and files (.EXE and .VBS) from these locations (to access them, tap Win+E to launch Explorerand enter the path into the field at the top of the window):
   • %APPDATA%
   • %TEMP%
2. Go to %PROGRAMFILES% or %PROGRAMFILES(x86)% (depending on your Windows version).
3. Right-click and Delete a folder named IMAP Service.
4. Access Registry Editor (tap Win+R to launch RUN, enter regedit.exe, and click OK).
5. In the pane on your left move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
6. Right-click and Delete a value named filename.vbs.
7. Empty Recycle Bin and then immediately run a full system scan using a legitimate malware scanner. If malicious threats or leftovers are found, delete them ASAP.