Windows 7: New Nodersok malware has infected thousands of PCs

27 Sep 2019   #1

64-bit Windows 10 Pro
New Nodersok malware has infected thousands of PCs

Thousands of Windows computers across the world have been infected with a new strain of malware that downloads and installs a copy of the Node.js framework to convert infected systems into proxies and perform click-fraud.

The malware, named Nodersok (in a Microsoft report) and Divergent (in a Cisco Talos report), was first spotted over the summer, distributed via malicious ads that forcibly downloaded HTA (HTML application) files on users' computers.

Users who found and ran these HTA files started a multi-stage infection process involving Excel, JavaScript, and PowerShell scripts that eventually downloaded and installed the Nodersok malware.

The malware itself has multiple components, each with its own role. There's a PowerShell module that tries to disable Windows Defender and Windows Update, and there's a component for elevating the malware's permissions to SYSTEM level.

But there are also two components that are legitimate apps -- namely WinDivert and Node.js. The first is an app for capturing and interacting with network packets, while the second is a well-known developer tool for running JavaScript on web servers.

According to Microsoft and Cisco reports, the malware uses the two legitimate apps to start a SOCKS proxy on infected hosts. But here is where the reports diverge. Microsoft claims the malware turns infected hosts into proxies to relay malicious traffic. Cisco, on the other hand, says these proxies are used to perform click-fraud.

Nevertheless, malware is malware, and it's not a good sign when someone gets infected, despite the output. Just like any other malware strain built on a client-server architecture, Nodersok's creators could, at any point, deploy other modules to perform additional tasks, or even deploy secondary malware payloads like ransomware or banking trojans.

Since Microsoft found the malware, Windows Defender should also be able to spot it.

To prevent infections, the best advice is that users not run any HTA files they find on their computers, especially if they don't know the files' precise origin. Files downloaded from a web page out of the blue are always a bad sign and shouldn't be trusted, regardless of extension.

According to Microsoft telemetry, Nodersok has managed to already infect "thousands of machines in the last several weeks." Most of the infections have taken place this month, and have hit US and EU-based users, the company said...

Read more:

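The chain described in the post above (an HTA file launching script stages, a PowerShell step that tampers with Windows Defender, and a dropped copy of Node.js) leaves a recognisable process tree. The Python below is an added example, not part of the original post or of the Microsoft and Cisco reports, that triages process-creation events for that shape. The event fields, paths, PIDs and rule names are assumptions, and the Defender command in the sample data is a generic one, not taken from Nodersok.

```python
import ntpath

SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

# Constructed process-creation events (fields modelled loosely on Sysmon event ID 1).
# All paths, PIDs and command lines are invented for illustration.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Browser\browser.exe", "cmd": "browser.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Users\alice\Downloads\update.hta"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\alice\AppData\Roaming\example\node.exe",
     "cmd": "node.exe app.js"},
    {"pid": 500, "ppid": 1, "image": r"C:\Program Files\nodejs\node.exe", "cmd": "node.exe server.js"},
]

def exe_name(event):
    return ntpath.basename(event["image"]).lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... ; 'seen' stops loops caused by PID reuse."""
    seen = set()
    while event["ppid"] in by_pid and event["ppid"] not in seen:
        seen.add(event["ppid"])
        event = by_pid[event["ppid"]]
        yield event

def triage(events):
    """Return (pid, rule) pairs for events matching the chain described in the post."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        exe, cmd, path = exe_name(ev), ev["cmd"].lower(), ev["image"].lower()
        # HTA opened from a user-writable folder such as Downloads
        if exe == "mshta.exe" and ".hta" in cmd and any(d in cmd for d in USER_WRITABLE):
            findings.append((ev["pid"], "hta-from-user-dir"))
        # Later stage: a script host anywhere below mshta.exe in the process tree
        if exe in SCRIPT_HOSTS and any(exe_name(a) == "mshta.exe" for a in ancestors(ev, by_pid)):
            findings.append((ev["pid"], "script-host-under-mshta"))
        # Generic Defender tampering heuristic (not Nodersok's actual command)
        if exe == "powershell.exe" and "set-mppreference" in cmd and "-disable" in cmd:
            findings.append((ev["pid"], "defender-setting-change"))
        # Node.js running from a profile or temp path instead of an installed location
        if exe == "node.exe" and any(d in path for d in USER_WRITABLE):
            findings.append((ev["pid"], "node-from-user-dir"))
    return findings
```

Calling `triage(EVENTS)` flags the HTA launch, the PowerShell stage and the profile-resident `node.exe`, while the Node.js install under `Program Files` is left alone.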
02 Oct 2019   #2

Windows 7 ULTIMATE (SP1)(x64)

Can't we just put these EVIL SOBs to death already... the MALWARE etc these idiots code is a blight on our brighter digital age!
04 Oct 2019   #3

Windows 7 Professional, SP1, x86

Sounds about as Evil as Microsoft's WUDO, in Windows 10...Eh? And how about that spying B**ch Cortana?

I'd rather have any good virus, than an Un-Tweaked version of Windows 10.

I had to do a Clean Re-Install of Windows 7/Pro/x86 on my main PC, after several years of just cleaning and backing it up. Something finally got in there and was making the OS take a minute or more to just go on-line. I'm used to a boot up with full ON-Line capability, and my email on my desktop, in just ten seconds. But a minute? NO WAY Jose! Something was really WRONG!!!

In addition to re-installing Win-7, I also had to replace a faulty DVD drive, and a Dell 21" monitor that was getting really funky! The text on my desktop screen was twitching like it was electrified.

Now, I've got a beautiful little PC, that boots up in ten seconds, shuts down in just five seconds and runs like a scalded cat. And, it was so very simple..... I just backed up all my data, put in the Win-7 Install DVD and booted to it and did the install. Then I restored all my data, shortcuts, etc. After two days, I've got a NEW computer again.

The only problem with installing Win-7 and not 8.1 or ten, was that I had to provide all the drivers for the Sound, Lan, Video, USB-3 ports, etc. No Big Deal, though, because I have all those on disk.

MS Updates are shut OFF, and I've run "Never 10", so I won't be bugged to upgrade. I'm just a Happy Camper!

Cheers Mates! Sorry if I have a tendency to just Ramble on.

PS: What I've never understood, is all those who have so much trouble installing Win-7.
It's just so darned simple!!!