Win32.Nucleroot
Win32.Nucleroot is a rootkit Trojan. It is able penetrate a system secretly and will hide its processes, registry entries, network connections. It is very difficult to detect. This malware was most likely contracted through an infected e-mail. This is the most common way that it will distribute itself. It will exploit vulnerabilities in your Windows system and take full advantage.
AKA:
Troj/Nucleroot-C,
Backdoor.Nucleroot.C,
BKDR_NUCLEROOT.C,
Win32/Nucleroot.C,
Nucleroot.C Backdoor,
Backdoor.Win32.Nucleroot.C,
Backdoor.Win32.Nucleroot.z,
Generic.dx,
Mal/Generic-A,
Trojan-Dropper.Agent
Related Files:
c:\WINDOWS\nkit.dll,
c:\WINDOWS\shdef.exe
Recommended Action:
Remove at once.
For manual removal of Win32.Nucleroot, you should go into the Registry (regedit) and delete:
1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion “shitbit”
data: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “shdef” data: C:\WINDOWS\shdef.exe
Then you will need to delete the following files:
c:\WINDOWS\nkit.dll Size: 44,544 bytes
c:\WINDOWS\shdef.exe Size: 27,648 bytes (or any other file with this size)
To remove automatically, you can try ZookaWare PC Cleaner, the spyware remover. ZookaWare PC Cleaner is a professional anti-spyware application that guarantees to rid your system of all spyware or your money back. Unlike many programs out there, ZookaWare PC Cleaner offers a free scan and will then work to eliminate all spyware. For fast and effective removal, try a trusted program that works.
Cyberlab runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select Cyberlab and click Uninstall.