Nyxem
Encyclopedia : N : NY : NYX : Nyxem
Nyxem is a mass-mailing worm that spreads using remote shares. It also attempts to disable security-related and filesharing software as well as destroying files of certain types. When executed, it copies itself to the files rundll16.exe, scanregw.exe, Update.exe, and Winzip.exe.
New variants of the nyxem worm:
- W32 Nyxem.A
- W32 Nyxem.E
- W32 Nyxem.D
Nyxem.E
Nyxem.E activates on the 3rd of each month, starting in February 2006. When an infected computer is booted up on the 3rd, 30 minutes after startup, the worm replaces all document files (DOC/XLS/PPT/ZIP/RAR/PDF/MDB) with the text "DATAError [47 0F 94 93 F4 K5]"
Contrary to expectations, on the first such February 3rd, widespread reports of the worm's destructive effects never appeared. A combination of media attention and initiative by ISPs led to many users disinfecting their machines, or just not booting on the 3rd.
One of the signs that a computer is infected is that antivirus software stops working. Another is the presence of files named Winzip.exe, Update.exe and WINZIP_TMP.EXE in C:\Windows\System or C:\Windows\System32 folders.
External links
- [SANS Website] - BlackWorm Summary
- [LURHQ Threat Intelligence Group] BlackWorm Hostile Payload Scheduled to Activate Feb 3
- [CME-24 (BlackWorm) Users’ FAQ]
- [Nyxem.E at Symantec] - Detailed description of the Nyxem.E virus
- [Nyxem.E at Microsoft] - Microsoft description and detailed information on the Nyxem.E virus
- [Nyxem.E at Kaspersky Labs] - Nyxem.E detailed description and manual removal instructions
- [Nyxem.E at F-Secure] - Nyxem.E Virus Information.
From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.