Nyxem.E virus delete files payload



F-secure has some details on a dangerous payload for the Nyxem.E virus. (The Nyxem.E virus is very similar to the Email-Worm.Win32.VB.bi that was talked about earlier in the week.) In fact, this virus seems to be spreading fairly well (not the blockbuster spread of older email viruses, but it is spreading.) Anyway, according to f-secure it will on the 3rd of the month, delete all files matching the following patterns. *.doc *.xls *.mdb *.mde *.ppt *.pps *.zip *.rar *.pdf *.psd *.dmp *(on all accessible drives.)


What this means is that IF you have this virus and it’s the third of the month it will delete most all Microsoft Office formatted documents + rar’s, zips, pdf and a few other file formats. Nasty. Technically it doesn’t delete them, but overwrite their data with… “The files’ contens get replaced with a text string “DATA Error [47 0F 94 93 F4 K5]“.”

Through the process of infection it also deletes the following files…..

DAP*.dll
BearShare*.dll
SymantecLiveUpdate*.*
SymantecCommon FilesSymantec Shared*.*
Norton AntiVirus*.exe
Alwil SoftwareAvast4*.exe
McAfee.comVSO*.exe
McAfee.comAgent*.*
McAfee.comshared*.*
Trend MicroPC-cillin 2002*.exe
Trend MicroPC-cillin 2003*.exe
Trend MicroInternet Security*.exe
NavNT*.exe
Kaspersky LabKaspersky Anti-Virus Personal*.ppl
Kaspersky LabKaspersky Anti-Virus Personal*.exe
GrisoftAVG7*.dll
TREND MICROOfficeScan*.dll
Trend MicroOfficeScan Client*.exe
LimeWireLimeWire 4.2.6LimeWire.jar
Morpheus*.dll

( The * matches anything for those that don’t know…., so deleting *.dll in a folder deletes this.dll that.dll and the other.dll, without having to explicitly give a delete command for each. Think of it as “delete everything that ends with .dll” to delete *.dll)

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove BlockProtector | Removal Guide So... the tail end of last week saw another new variant in the Wini family of rogue antivirus: blockprotector. It's the successor to..... Blockscanner (blockscanner removal guide) as well as the long list of prior variants that you can find on that page. (Sorry... it's just getting to be ridiculously......
  • Workaround for the critical WMF zero-day exploit The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image...) would be enough to get the system owned. It sounds as though a FULL reinstall is the best......
  • How to Remove PC Live Guard | PC Live Guard Removal Guide PC Live Guard is a Rogue antivirus application that typically installs on a system through aggressive advertising and fake scan sites. You will see things that pop up appearing to be a scan of your computer, but it's really just an ad pushing this product. Once the software is on......
Blog Traffic Exchange Related Websites
  • Turn Any File into an EXE with Convert to EXE If you're a geek like me, you may on occasion have run into a situation where you had a file that you needed to convert to exe. I had read a few forum posts and tutorials on how to do this with self-extracting installers, and I even managed to do......
  • 10 Easy Tips To Improve Computer Performance Many computer problems can be solved with free or low-cost products or just by using a few common sense tips to improve performance and keep your PC running for a long time.Computers often freeze or crash when one needs them the most; in the middle of an important presentation, a......
  • Installing a WordPress Blog If you want to install WordPress on your own server, the first step is to download the necessary files from the website at WordPress.org download. Next, you will use an FTP program to upload the files to your host site. If you use Cpanel, you can use Fantastico in order......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site