We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/NukeSped
Aliases: W32/Wiper.AWHZ-7137 (Command) BKDR_WIPALL.B (Trend Micro) W32/Wiper.MRHI-3910 (Avira) Win-Trojan/Destroyer.268579 (AhnLab)
Summary
Windows Defender detects and removes this threat.
This threat can install other malware on your PC, including Trojan:Win32/NukeSped.B!dha and Trojan:Win32/NukeSped.C!dha. It can show you a warning message that says your files will be made publically available if you don't follow the malicious hacker's commands.
We have seen this threat used in targeted attacks against specific enterprises.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find hidden malware.
Repair your Master Boot Record - run the Bootrec.exe tool
This threat makes changes to your Master Boot Record (MBR). To repair the MBR you might need to run the Bootrec.exe tool using Windows installation media.
You can read more about the Bootrec.exe tool in the Use Bootrec.exe in the Windows RE article.
Before you begin:
You will need to use Windows installation media to run the Bootrec.exe tool. If you don’t have Windows installation
media, you might have to create it.
- For Windows 8.1, see the Create installation media article.
- For Windows 7, see the Installing and reinstalling Windows article.
To run the Bootrec.exe tool in Windows 8.1:
- Put your Windows 8 media in the DVD or USB drive and restart your PC.
- Select a language, time and currency, and keyboard or input method, and then click Next.
- Click Repair your computer.
- Click Troubleshoot, then Advanced options.
- Click Command Prompt and then type Bootrec /FixMBR and then press Enter.
- Type Exit and the press Enter.
- At the Choose an Option screen click Continue.
- Remove the Windows 8.1 media from your drive and restart your PC.
To run the Bootrec.exe tool in Windows 7:
- Put your Windows 7 media in the DVD or USB drive and restart your PC.
- Press any key when you are prompted.
- Select a language, time and currency, and keyboard or input method, and then click Next.
- Click Repair your computer.
- Select the operating system that you want to repair, and then click Next.
- In the SystemRecovery Options dialog box, click Command Prompt.
- Type Bootrec.exe / FixMBR, and then press Enter.
- Remove the Windows 7 media from your drive and restart your PC.
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page