«
»

Nyxem.E virus delete files payload



F-secure has some details on a dangerous payload for the Nyxem.E virus. (The Nyxem.E virus is very similar to the Email-Worm.Win32.VB.bi that was talked about earlier in the week.) In fact, this virus seems to be spreading fairly well (not the blockbuster spread of older email viruses, but it is spreading.) Anyway, according to f-secure it will on the 3rd of the month, delete all files matching the following patterns. *.doc *.xls *.mdb *.mde *.ppt *.pps *.zip *.rar *.pdf *.psd *.dmp *(on all accessible drives.)


What this means is that IF you have this virus and it’s the third of the month it will delete most all Microsoft Office formatted documents + rar’s, zips, pdf and a few other file formats. Nasty. Technically it doesn’t delete them, but overwrite their data with… “The files’ contens get replaced with a text string “DATA Error [47 0F 94 93 F4 K5]“.”

Through the process of infection it also deletes the following files…..

DAP*.dll
BearShare*.dll
SymantecLiveUpdate*.*
SymantecCommon FilesSymantec Shared*.*
Norton AntiVirus*.exe
Alwil SoftwareAvast4*.exe
McAfee.comVSO*.exe
McAfee.comAgent*.*
McAfee.comshared*.*
Trend MicroPC-cillin 2002*.exe
Trend MicroPC-cillin 2003*.exe
Trend MicroInternet Security*.exe
NavNT*.exe
Kaspersky LabKaspersky Anti-Virus Personal*.ppl
Kaspersky LabKaspersky Anti-Virus Personal*.exe
GrisoftAVG7*.dll
TREND MICROOfficeScan*.dll
Trend MicroOfficeScan Client*.exe
LimeWireLimeWire 4.2.6LimeWire.jar
Morpheus*.dll

( The * matches anything for those that don’t know…., so deleting *.dll in a folder deletes this.dll that.dll and the other.dll, without having to explicitly give a delete command for each. Think of it as “delete everything that ends with .dll” to delete *.dll)

Popularity: 1% [?]

Create PDF    Send article as PDF   
Blog Traffic Exchange Related Posts
  • How to Remove Personal Security | Personal Security Removal Guide Personal Security is a rogue antivirus application that comes from the same (dreaded) family as the Cyber Security rogue. It usually installs on the users computer without the permission of the computer user. Once installed on the system it will then perform supposed scans finding lots of virus infected files......
  • How to Remove BlockProtector | Removal Guide So... the tail end of last week saw another new variant in the Wini family of rogue antivirus: blockprotector. It's the successor to..... Blockscanner (blockscanner removal guide) as well as the long list of prior variants that you can find on that page. (Sorry... it's just getting to be ridiculously......
  • How to Remove Antivir | Antivir Removal Guide Antivir is a rogue antivirus application that is pushed through web site popup ads on unsuspecting users. Basically in web browsing you may see a popup claiming that your computer is infected and you should run a malware scan. Clicking to proceed will probably show an animation of a scan......
Blog Traffic Exchange Related Websites
  • Women's Fragrance Trend – Bakery Fresh Scents Have you ever walked into a local bakery and been overcome with the wonderful aromatics? Imagine standing in line while looking at all the baked goods that line the shelves just waiting to be tasted. Now think about these same scents only used as women's fragrance. Yummy and decadent! Bakery......
  • Download any .dll file that is Missing in Your Computer Well Folks, some of you might be facing problems related to .dll files. You can download missing .dll files from sites given below: DLL-files.com - Download all your missing dll-files. DllDump - free dll files. download dll files you need immediately! InfDump.com - download inf files you need immediately! OcxDump.com......
  • Threat Outbreak Alert: Fake Bin Laden Pictures E-mail Messages on May 13, 2011 Source: Security Intelligence Operations Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain  pictures of Osama Bin Laden  The text in the e-mail message instructs the recipient to open a .zip attachment to view the pictures.  However, the .zip attachment contains a......

Similar Posts


This entry was posted on Friday, January 20th, 2006 at 8:29 pm and is filed under Computers, Security, Viruses. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site