In 2019, the Microsoft Defender ATP team detected a new strain of fileless malware. The malware, called Nodersok by the Microsoft team and Divergent by Cisco, is capable of downloading and installing a copy of the Node.js framework and co-opting infected computers as proxies that aid in perpetuating click fraud.
What Does the Nodersok Malware Do?
The Nodersok malware is made up of several components, each of which has a role to play in the infection process. The first component is the PowerShell module, which performs the crucial role of disabling any anti-malware protections, including Windows Defender and Windows Update. The second component elevates the malware permissions to a SYSTEM level, a strategy that gives Nodersok free rein in the victim’s computer.
Using these attack strategies, the malware is able to zombify infected computers and turn them into proxies that can be used as relay servers designed to provide cybercriminals with unprecedented levels of access and control on infected machines.
How Do I Know That I Have the Nodersok Virus?
Detecting the Nodersok malware is no walk in the park, given how stealthy the virus can be. But there are symptoms that you can look out for. These symptoms include reduced performance, unresponsiveness, and an unexplained spike in network activity. You can also monitor the processes that are running on your PC. If they are suspicious and consuming too many computing resources, follow up on their location by right-clicking them and opening the file location.
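The conditions described above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original article: it reports whether Windows Defender or the Windows Update service has been switched off and lists running node.exe and mshta.exe processes with their file locations. The function name and the rule that a node.exe outside Program Files (or any running mshta.exe, the Windows host for HTA files) deserves review are assumptions of this example.

```powershell
# Added triage example; Get-NodersokTriage is a hypothetical name.
function Get-NodersokTriage {
    # 1. Defender state: the article says the PowerShell module disables it.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
            [pscustomobject]@{
                Check  = 'Defender'
                Detail = "AntivirusEnabled=$($mp.AntivirusEnabled); " +
                         "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
            }
        }
    } catch {
        # Failing to query Defender at all is itself worth reporting.
        [pscustomobject]@{ Check = 'Defender'; Detail = "Status unavailable: $($_.Exception.Message)" }
    }

    # 2. Windows Update service (wuauserv): missing or disabled is a finding.
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if ($null -eq $wu) {
        [pscustomobject]@{ Check = 'WindowsUpdate'; Detail = 'Service wuauserv not found' }
    } elseif ($wu.StartType -eq 'Disabled') {
        [pscustomobject]@{ Check = 'WindowsUpdate'; Detail = "StartType=Disabled; Status=$($wu.Status)" }
    }

    # 3. Running Node.js and HTA host processes, with their file locations.
    $trusted = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $procs = Get-CimInstance Win32_Process -Filter "Name='node.exe' OR Name='mshta.exe'"
    foreach ($p in $procs) {
        $inTrusted = $false
        foreach ($dir in $trusted) {
            if ($p.ExecutablePath -and
                $p.ExecutablePath.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inTrusted = $true
            }
        }
        # Assumption: node.exe under Program Files is a normal install.
        if ($p.Name -eq 'mshta.exe' -or -not $inTrusted) {
            [pscustomobject]@{
                Check  = "Process:$($p.Name)"
                Detail = "PID=$($p.ProcessId); Path=$($p.ExecutablePath); Cmd=$($p.CommandLine)"
            }
        }
    }
}

Get-NodersokTriage | Format-Table -AutoSize -Wrap
```

No output means none of the three conditions were found; it does not by itself prove the machine is clean.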
How to Remove Nodersok Malware
Removing the Nodersok malware is easy, as the Microsoft team has already identified it as a threat and has taken measures to patch the exploits that the malware relies on to achieve its nefarious goals. Microsoft has also informed all its security partners (antivirus software vendors) of the new kid on the block. Thus, all that you need to do to get rid of the Nodersok malware is to deploy powerful anti-malware software such as Outbyte Antivirus. You also need to download the latest Windows updates.
While the Windows updates will prevent future infections, they are not capable of removing an active one, and that is why you need to both update your device and scan it at the same time.
When using the anti-malware, it is best to run your Windows device in Safe Mode, which is a barebones version of Windows that runs only the default settings and apps. In other words, Safe Mode isolates all other apps, except Windows apps, making it far easier to troubleshoot any performance issues. Here are the steps to get to Safe Mode on a Windows 10/11 computer:
- Press the Windows Start button and navigate to Settings > Update & Security > Recovery.
- Under Advanced startup, select Restart now.
- From the Choose an Option screen that appears after your computer restarts, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your computer restarts, press F5 to select Safe Mode with Networking.
Now that you are in Safe Mode with Networking, you can use the internet to download the anti-malware.
Another utility tool that will help you get rid of the Nodersok malware is a PC repair tool. It will make it easier for you to monitor network activity on your PC. If it spikes too much, then you have a reason to suspect that something is up.
Even after cleaning and scanning your computer, you still need to use other recovery tools to make sure that the threat posed by the Nodersok malware has been dealt with completely.
Do you have a restore point on your computer? If so, you should use it to undo any problematic changes to your Windows apps, settings, system files, and configuration.
To use the System Restore option, take the following steps:
- In the search box, type ‘create a restore point’.
- Select the first result from this search.
- On the System Properties app, go to the System Protection tab, and click System Restore.
- Choose a restore point.
- Follow the on-screen directions to complete the process.
At some point during the system restore process, you will be presented with a list of the apps, settings, and updates that will no longer be available once the system restore process is complete. Make sure that the HTA file that was used to instigate the Nodersok infestation makes it to the list.
The other recovery option that you might want to consider using is the Refresh option. It lets you reinstall Windows with the option of keeping your files and settings.
How to refresh a Windows 10/11 computer:
- Press the Windows Start button and navigate to Settings > Change PC settings.
- Click Update and Recovery, and then select Recovery.
- Under Refresh your PC without affecting your files, select Get started.
- Follow the on-screen directions to complete the process.
How to Keep Your Computer Safe from Nodersok Malware
At its peak, the Nodersok malware was able to infect millions of devices in the US and Europe. Its primary means of infiltration is through malicious ads. So, if you can avoid them by not visiting any unsecure sites or downloading email attachments from unfamiliar sources, you will be in good shape.
You also need to arm yourself with an anti-malware tool because even though the Nodersok malware is easy to remove, there are many malware threats out there and you never know when they might infect your PC.