malware/ransomware detection for nsis installers

I just saw an article here ( https://blog.barkly.com/nsis-installer-ransomware-attacks ) that mentions a wave of attacks starting from last December, that could evade detection:

Based on what Microsoft has observed so far, these updated NSIS installers are being used in campaigns delivering the following ransomware:

  • Cerber
  • Locky
  • Teerac (aka Crypt0L0cker)
  • Crowti (aka CryptoWall)
  • Wadhrama
  • Critroni (aka CTB-Locker)

I am NOT infected, but I just want to know if my NIS version will help detect any rogue NSIS based activity, or should I add an Anti-Ransomware layer (such as MalwareBytes)??

[Edited NSIS to NIS]



Re: malware/ransomware detection for nsis installers

Hi td47,

Some observations:

What are NSIS installers?

Short for Nullsoft Scriptable Install System, NSIS is an open source system that software developers have been using for years to create installers for their applications.

It is not NSIS version as you appear to think it is.  You may be running NIS or even NS, but NSIS is not referring to your Norton product.

Below is a list of NSIS users and Norton/Symantec does not appear on it:


In regards to MBAM, the free version is an excellent option for a secondary on demand scanner.


Re: malware/ransomware detection for nsis installers

Hello @Yank - sorry I did not realise I had made a stupid typo in my original post - I had used NSIS for my Norton Product name as WELL as the issue I was asking about. It should have read NIS of course (can an admin edit that for me please - I do not see an edit link).

I DID read up about NSIS installers and DID read the article before creating the thread.

What I am asking, is if my current NIS ( will protect me from the issues as described in depth here: http://blog.deepinstinct.com/2017/03/20/ransomware-installation-method-using-nsis-installer/

I do actually run MBAM 3.3.1 as well as NIS (but it has dropped from the trial to the free version, thus losing the 4 premium features of Real-Time Protection, including a Ransomware module), hence my concern, and starting the thread to ask. If NIS will protect me, then I won't have to pay for the MBAM premium as well (and it works out more expensive than NIS per yearly subscription).
