Matt’s Journal

21 Feb, 2006

The Nyxem Virus :(

Posted by: Matt In: General

One of the machines at the place I work was infected with the Nyxem virus. This is probably the worst virus I have ever encountered; to be honest I haven't dealt with that many, but this really holds its own up there.

Name
  • W32/Nyxem-D
Type
Side effects
  • Turns off anti-virus applications
  • Sends itself to email addresses found on the infected computer
  • Deletes files off the computer
  • Forges the sender’s email address
  • Uses its own emailing engine
  • Downloads code from the internet
  • Reduces system security
  • Installs itself in the Registry
Aliases
  • Email-Worm.Win32.VB.bi
  • CME-24
  • WORM_GREW.A
  • W32.Blackmal.E@mm
  • W32/Tearec.A.worm
  • Email-Worm.Win32.Nyxem.e
  • W32/MyWife.d@MM
  • Win32/Mywife.E@mm

As you can see it really does its best to fcuk with your systems. I had noticed when it installed itself that it tried to close all running applications, send out mass mailing from your system and disable the antivirus. Not only did it disable the antivirus, it damn-well deleted the executable file of it as well!

OK, so it is running rampage throughout the system. I go into regedit and search for the value scanregw (which names itself “Scan Registry” in the registry). This is the file that boots on startup and makes your life a living hell. Once that is deleted, it's a simple sweep for viruses and the files are deleted.

Is that it? No.

The virus also sends itself to email addresses in your contacts and ones it can find in text files on your computer. It creates at least 7 copies of the infected .exe on network shares (being in a company this is very very dangerous and of course easy to do when you use the shares daily).

So now it is deleted, the virus scanner is clearing up the rest of the shares and I can breathe a sigh of relief. If you need help, I will write a page on how to delete the virus from your system.

Peace.
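
The startup-entry check described in the post, as an added example that is not part of the original post: it parses the text of a regedit export (.reg) and flags Run/RunOnce string values matching the `scanregw` / “Scan Registry” names given above. The Run key paths, the sample export and all function names are assumptions; the post does not say which key held the value.

```python
import re

# Indicator from the post: value "scanregw", displayed as "Scan Registry".
INDICATOR = re.compile(r"scanregw|scan\s*registry", re.IGNORECASE)

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# Only plain string values ("name"="data") are handled; hex(...) and dword
# values are skipped, so an entry stored as REG_EXPAND_SZ would be missed.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample export; every path and value below is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"Scan Registry"="scanregw.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''

def unescape(text):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", text)

def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group("name")), unescape(m.group("data"))

def is_startup_key(key):
    """True for the standard Run / RunOnce autostart keys (assumed location)."""
    tail = ("\\currentversion\\run", "\\currentversion\\runonce")
    return key.lower().rstrip("\\").endswith(tail)

def find_suspect_autoruns(text):
    """Return autostart entries whose name or data matches the indicator."""
    return [(k, n, d) for k, n, d in parse_reg_export(text)
            if is_startup_key(k) and (INDICATOR.search(n) or INDICATOR.search(d))]

if __name__ == "__main__":
    for key, name, data in find_suspect_autoruns(SAMPLE_EXPORT):
        print(f"review: {key} -> {name!r} = {data!r}")
```

Files exported by regedit are normally UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. A match is a lead to inspect by hand, not proof of infection.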

4 Responses to "The Nyxem Virus :("

1 | Skudd

February 21st, 2006 at 3:24 pm

That’s just a common virus. Get some experience with them and you’ll become a master at cleanups. :)

2 | nabiy

February 23rd, 2006 at 12:49 am

what did the user have to say?

usually after that kind of incident i talk to the user about safe email / computing practices and explain the impact of the virus to them. - nabiy

3 | matt

February 23rd, 2006 at 12:32 pm

I am still trying to determine how we were infected. Two other users had dormant files on their computers also.

As it goes I am not the I.T guy, I am not supposed to be doing this sort of work. Because our I.T people are 150 miles away, I end up being respected by my directors because they would be f**ked without my assistance.

4 | nabiy

February 27th, 2006 at 3:06 am

haha you are so doomed!

i started out as ‘not the IT guy’ at my place but it quickly became one of my collateral duties and now it is my main role.
