Nettraveler is a cyber-threat to computers. It is a high-risk infection capable of bringing down an entire system in very little time. The intruder gets into the system, steals significant and sensitive information, and reports it to its operators. It usually disguises itself as frequently used applications or Windows processes to hide from security software. Its main target is the Windows Registry database.
Causes of Intrusion
As stated earlier, Nettraveler can attach itself to legitimate components, but that does not mean it is unstoppable. There are certain known ways through which Nettraveler finds its way into your PC. One loophole is an outdated security solution that lacks the latest necessary patches. It is always recommended to set a strong PIN for the administrator account, as it is authorized to modify major settings of a PC. A weak administrator password may not hold up against even a slightly stronger threat. Another very common source of Nettraveler is removable drives: when Auto-play is enabled for removable drives, a threat can load as soon as the drive is connected to the PC.
What does it Do?
First of all, Nettraveler takes over the entire system session through legitimate Windows processes, specifically explorer.exe and svchost.exe, which makes spreading quite easy for it. It then replicates itself within the directories and folders of the partition where Windows is installed. Specifically, these locations are usually Internet Explorer, Movie Maker, Application Data, Temp, and System. Nettraveler exists in these folders under a random, unusual name with a .dll extension. Afterwards, it disables the services that could threaten it: BITS (Background Intelligent Transfer Service) and wuauserv (Windows Automatic Update Service). It also blocks browsing to sites that may link to a tool that can terminate this kind of infection. Nettraveler then connects to its developer’s domain to download the latest version of itself.
Note: Nettraveler acquires access to the Windows Registry database, where it locates and deletes the SafeBoot registry key. This leaves your system unable to boot into Safe Mode.
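The changes described above (disabled services, the deleted SafeBoot key, oddly named DLLs in the listed folders, and Auto-play on removable drives) can be checked from an elevated PowerShell prompt. The script below is an added, read-only example and not part of the original article; it assumes PowerShell 5.1 or later and default Windows folder locations, and it looks at the Internet Explorer, Movie Maker, Application Data and Temp folders.

```powershell
# Added triage example (read-only). Assumes PowerShell 5.1+ and default paths.
$findings = @()

# 1. Services the article says are disabled.
foreach ($name in 'BITS', 'wuauserv') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "Service $name is missing"
    } elseif ($svc.StartType -eq 'Disabled') {
        $findings += "Service $name is disabled"
    }
}

# 2. SafeBoot key the article says is deleted (Minimal/Network are its standard subkeys).
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
foreach ($key in $safeBoot, "$safeBoot\Minimal", "$safeBoot\Network") {
    if (-not (Test-Path -LiteralPath $key)) {
        $findings += "Missing registry key: $key"
    }
}

# 3. DLLs without a valid Authenticode signature in the top level of the listed folders.
$dirs = @(
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:ProgramFiles 'Movie Maker'),
    $env:APPDATA,
    $env:TEMP
)
foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $dlls = Get-ChildItem -LiteralPath $dir -Filter *.dll -File -ErrorAction SilentlyContinue
    foreach ($dll in $dlls) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
        if ($sig.Status -ne 'Valid') {
            $findings += "DLL without a valid signature: $($dll.FullName)"
        }
    }
}

# 4. AutoRun policy: bit 0x04 of NoDriveTypeAutoRun covers removable drives.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$value = (Get-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if (($value -band 0x04) -eq 0) {
    $findings += 'AutoRun is not disabled for removable drives'
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

A DLL without a valid signature is a lead to investigate, not proof of infection; legitimate software also drops unsigned DLLs into Application Data and Temp.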
Steps to eliminate Nettraveler
- Go to the Task Manager
- Access and stay on the Processes tab
- Locate and End the following items, in the list of running processes
- Open Run box, type ‘regedit’, and hit Enter to open Windows Registry Editor
- In the left panel of Registry Editor, navigate to and delete the following keys
SOFTWARE\Classes\[NetTraveler]IEHelper.DNSGuard\CurVer
SOFTWARE\Classes\[NetTraveler]IEHelper.DNSGuard\CLSID
SOFTWARE\Classes\[NetTraveler]IEHelper.DNSGuard
SOFTWARE\Classes\[NetTraveler]IEHelper.DNSGuard.1
- Close Registry Editor, and Restart your System
Once your PC is out of trouble, it is recommended to run a virus scan over your directories to identify and terminate any remaining threats. As a precaution, always keep your security solutions up to date; always use a safe, free registry cleaner to keep your Windows Registry database free of errors and invalid entries; and, if you constantly use removable devices, disable the Auto-play feature unless you need it.