P2P-Worm:W32/Nugg uses the file-sharing application LimeWire to download malware onto the system. It may also use other file-sharing applications to perform the downloads.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
During installation, the program drops a file with a name created using the following formula:
The program then opens the following services and disables them:
It will also load the DLLs into the following processes, provided the processes are running:
While active, the worm attempts to connect to the following domains:
If successfully connected, it will download an XML file. This file contains URLs leading to files that the worm downloads whenever the system matches certain criteria. The downloaded files are encrypted, though the encryption keys are included in the XML file. The files are malicious and include:
If LimeWire is installed on the infected system, it will be used to download the Trojan.Win32.Agent2.crv file. Other file-sharing applications may also perform this function.
During installation, the program creates the following registry key:
It also modifies the following registry key as the launchpoint