  #1  
Old 02-02-2006, 05:05 PM
.DareDevil. is offline .DareDevil.
Registered User

Join Date: Oct 2003
Posts: 1,474

Nyxem worm READ ASAP Everyone!

F-Secure and Symantec just released news on TV about a new worm that can cause major infection to your system and screw it up on a lot of stuff. No antivirus yet can block it but the patch Symantec and F-Secure have provided to prevent it from infecting you! The worm will strike at midnight tonight, not EST time, I think it was.

So download this patch and pass this on!

Article from F Secure
As we warned before, the payload of Nyxem.E worm will activate tomorrow, on February 3rd, 2006 on all infected computers that have their clock set correctly.

We made a few additional tests with the worm in our test network environment. When the payload is activated, the worm enumerates all logical drives and damages files on them in a loop. So it should damage files on all drives that have a drive letter, including network drives. That's the theory. In practice, however, the worm failed to do so on network drives, at least in our test environment. Files on local and removable drives (including USB memory) were damaged by the payload.


Read more at link below
http://www.f-secure.com/weblog/

More News on it
http://www.f-secure.com/news/items/n...06020100.shtml

and

How to prevent it and fix it
http://www.f-secure.com/v-descs/nyxem_e.shtml
__________________
ÐÅR€Ð€V¡£=CP=

<=CP=> Forums
www.phpbbplanet.com/camouflagedp

Free PHPBB Forums
www.phpbbplanet.com

<=CP=> Teamspeak IP
209.190.31.155:5001

Free Teamspeak Server
http://www.going-live.com/vb/index.php?





  #2  
Old 02-02-2006, 05:07 PM
Steve is offline Steve
Administrator

Join Date: Sep 2001
Location: 2077
Posts: 21,552

oooh nice


If the worm detects any of the registry values listed below on the victim machine, it will delete them:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
APVXDWIN
avast!
AVG7_CC
AVG7_EMC
AVG7_Run
AVG_CC
Avgserv9.exe
AVGW
BearShare
defwatch
DownloadAccelerator
kaspersky
KAVPersonal50
McAfeeVirusScanService
NAV Agent
OfficeScanNT Monitor
PCCClient.exe
pccguide.exe
PCCIOMON.exe
PccPfw
Pop3trap.exe
rtvscn95
ScanInicio
SSDPSRV
TM Outbreak Agent
tmproxy
Vet Alert
VetTray
vptray
NPROTECT
ccApp
ScriptBlocking
MCUpdateExe
VirusScan Online
MCAgentExe
VSOCheckTask
McRegWiz
CleanUp
MPFExe
MSKAGENTEXE
MSKDetectorExe
McVsRte

The worm also terminates active applications if the application name contains one of the following strings:

kaspersky
mcafee
norton
removal
scan
symantec
trend micro
virus
fix

It will delete all files from the following folders:

%ProgramFiles%\DAP\*.dll
%ProgramFiles%\BearShare\*.dll
%ProgramFiles%\Symantec\LiveUpdate\*.*
%ProgramFiles%\Symantec\Common Files\Symantec Shared\*.*
%ProgramFiles%\Norton AntiVirus\*.exe
%ProgramFiles%\Alwil Software\Avast4\*.exe
%ProgramFiles%\McAfee.com\VSO\*.exe
%ProgramFiles%\McAfee.com\Agent\*.*
%ProgramFiles%\McAfee.com\shared\*.*
%ProgramFiles%\Trend Micro\PC-cillin 2002\*.exe
%ProgramFiles%\Trend Micro\PC-cillin 2003\*.exe
%ProgramFiles%\Trend Micro\Internet Security\*.exe
%ProgramFiles%\NavNT\*.exe
%ProgramFiles%\Morpheus\*.dll
%ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.ppl
%ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.exe
%ProgramFiles%\Grisoft\AVG7\*.dll
%ProgramFiles%\TREND MICRO\OfficeScan\*.dll
%ProgramFiles%\Trend Micro\OfficeScan Client\*.exe
%ProgramFiles%\LimeWire\LimeWire 4.2.6\LimeWire.jar

All of these actions make the victim machine more vulnerable to subsequent attacks.

It may also download updates to itself via the Internet, without the knowledge or consent of the user.

It will also block the mouse and the keyboard.

On the 3rd of each month, 30 minutes after the victim computer is rebooted, the worm will rewrite files with the following extensions:

.doc
.xls
.mdb
.mde
.ppt
.pps
.zip
.rar
.pdf
.psd
.dmp
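An added example, not part of the thread or of any vendor tool: the post above says the worm deletes security products' values from the Run keys, so this Python script compares two saved `reg query` outputs and reports watchlisted values that disappeared. The snapshots are constructed samples and the function names are hypothetical.

```python
import re

# Subset of the Run-key value names listed in the post above.
WATCHLIST = {"ccApp", "vptray", "NAV Agent", "AVG7_CC", "avast!", "defwatch",
             "McAfeeVirusScanService", "TM Outbreak Agent", "KAVPersonal50"}

# Value line in `reg query` output: indent, name, REG_* type, optional data.
# Names may contain spaces ("NAV Agent"), so the match anchors on the type.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_[A-Z_]+(?:\s+(?P<data>.*))?$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} parsed from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group("name")] = m.group("data") or ""
    return keys

def removed_security_entries(before, after, watchlist=WATCHLIST):
    """Return sorted (key, name) pairs for watchlisted values that disappeared."""
    watch = {w.lower() for w in watchlist}
    old, new = parse_reg_query(before), parse_reg_query(after)
    gone = []
    for key, values in old.items():
        # Registry value names are case-insensitive, so compare lowercased.
        remaining = {n.lower() for n in new.get(key, {})}
        for name in values:
            if name.lower() in watch and name.lower() not in remaining:
                gone.append((key, name))
    return sorted(gone)

# Constructed sample snapshots (not taken from a real machine).
BEFORE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ccApp    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    NAV Agent    REG_SZ    C:\PROGRA~1\NORTON~1\navapw32.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
"""

if __name__ == "__main__":
    for key, name in removed_security_entries(BEFORE, AFTER):
        print(f"ALERT: security autostart value removed: {key}\\{name}")
```

Values that vanish but are not on the watchlist (ctfmon.exe in the sample) are ignored, which keeps routine uninstalls from raising alerts.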
  #3  
Old 02-02-2006, 05:31 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

If you have Nero 6, it comes with a hard drive backup. It counts how much is on the hard drive, and it backs up everything to either a CD or a DVD. In my case I don't have much, but it will back up everything to 3 DVD-RWs for me. If it goes crazy or goes bad I can restore them back in. It has an auto backup option too.

Now, if you have a small hard drive around 40GB, Norton has GoBack; it doesn't work with a DDO system but with all others it will.

Mine is DDO; it's a boot-up format I am using.

It doesn't matter how big your drive is; if it's 40-400GB it will back it up. The only thing is how many CDs or DVD-RWs you have that are needed.

It comes with the Nero 6 bundle software, so if you got a new CD/DVD writer for your system it is already installed.

The cheaper way is to unplug your tower before 24:00hr (12pm) and leave it unplugged. Leave it off for the whole night!! On Saturday plug it back in; this way it can't do damage at all, as the timer of this worm has passed.

If you leave the system on all night long and this worm somehow did get in, it will start to delete files in the background without you knowing about it.

PS: if it says to click on an image file of some type, the file may be like this: Dog.jpg, but in reality it is really like this: dog.exe.jpg, so when you click on it, it gets installed. Not limited to exe, zip, RNR... etc. That's how these viruses get into systems; most e-mail programs don't look for a combo extension in a file application type.
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com
*Discord: Unknown77#7121
Playing now days: EA Games> swtor [star wars old republic]

Last edited by Hellfighter; 02-02-2006 at 05:46 PM.
  #4  
Old 02-02-2006, 05:46 PM
Mstenger404 is offline Mstenger404
Registered User

Join Date: May 2005
Location: Indiana
Posts: 3,730

No matter, I got about 120 empty DVDs laying around that I don't know what to do with.
__________________


Intel Q9300 Quad~2.5Ghz
PALIT GTX570
ASUS GTX280 Dedicated PhysX
WD Velociraptor 300GB 10k RPM
WD Caviar Black 1TB 7,200 RPM
4GB Patriot DDR3 1333mhz
Intel BOXDX48BT2 X48
Corsair 1000Watt Modular PSU
Windows 7 Professional 64-bit
ASUS VG238H 23" 120Hz 3D-Ready
  #5  
Old 02-02-2006, 05:51 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

Sounds good, you can have something to use them for. It counts how much is on the hard drive vs. how many DVDs or CDs you need to use; it will let you know how many are needed, so if you need more, go out and buy some more. Me, I don't have much; at least I'm going out Friday to get 3 new DVD-RWs to use anyways.

This hacker is really an *sshole to make this crap up; I think he must really hate the whole freaking world.
  #6  
Old 02-02-2006, 06:12 PM
.DareDevil. is offline .DareDevil.
Registered User

Join Date: Oct 2003
Posts: 1,474

I recommend that everyone do a daily scan till F-Secure/other Anti Virus Software places find a way for every Anti-Virus to block it?

You might even want to download their virus scanner trial like they recommend!

Be sure you download the F-Force and Latest Update.ZIP/Latest.ZIP for the updates required to scan your computer.
  #7  
Old 02-02-2006, 06:22 PM
BeBop is offline BeBop
Registered User

Join Date: Jun 2002
Posts: 600

I don't trust Symantec. I feel pretty safe.

Edit: My virus company has had a fix for it... I dunno why Symantec / F-Secure would say they're the only ones :P

YAY for Computer Associates
__________________
- My: Drawings, rants, raves, my cat, designs, and everything else i want to put on the net.
Free Teamspeak servers: http://gamersnetwork.us/

  #8  
Old 02-02-2006, 06:29 PM
.DareDevil. is offline .DareDevil.
Registered User

Join Date: Oct 2003
Posts: 1,474

Well, the virus, if you read, is targeting all the AV places, and F-Secure has the only way to fix it at the moment 'cause they made the fix for it. AV developers will probably be adding the fix into their systems ASAP though! BeBop, if you want your computer messed up then don't do it.
  #9  
Old 02-02-2006, 07:28 PM
Jeff is offline Jeff
Registered User

Join Date: Jun 2005
Posts: 1,602

Well, I'll be keeping an eye out for it.
__________________
Exit 13 - Web design and development.
My Blog - Read up on what i'm up to.
  #10  
Old 02-02-2006, 07:30 PM
Scattergun is offline Scattergun
Registered User

Join Date: Dec 2004
Posts: 838

Today is the second, so if I get off at 9 CST (10 EST) I should be OK.

And by unplug, do you mean unplug network cables or just turn off the system??????


Last time a worm like this hit I did what they said to do to protect it and hey, guess what, boom, my PC is gone. 'Bout 2-ish years ago, I think.
__________________



[Comp-1][Intel C2 2.6Ghz @ 2.9Ghz 10% Overclock][2 Gig DDR2 800][x1900 XTX 512mbCrossfire Edition][20 in LCD 8ms]


  #11  
Old 02-02-2006, 08:09 PM
.DareDevil. is offline .DareDevil.
Registered User

Join Date: Oct 2003
Posts: 1,474

Unplugging your stuff won't help 'cause there's no telling how long it will be on the loose getting passed around, so when you plug it back up you have a chance of getting it when online or anything, or by email, so you might as well use the F-Force till they get it tied in with other AV places!
  #12  
Old 02-02-2006, 08:41 PM
BeBop is offline BeBop
Registered User

Join Date: Jun 2002
Posts: 600

Why would I use F-Force when my own anti-virus company that I use has a fix for it? You honestly think they're the only ones out there that are able to fix this? I've already got my defs up to date -
  #13  
Old 02-02-2006, 09:00 PM
Mstenger404 is offline Mstenger404
Registered User

Join Date: May 2005
Location: Indiana
Posts: 3,730

My PC got 2 hours to live, how many do you guys have?
  #14  
Old 02-02-2006, 09:18 PM
.DareDevil. is offline .DareDevil.
Registered User

Join Date: Oct 2003
Posts: 1,474

We will see. I'm saying it may be good to use both. I know I'm not going to be stupid not to when I'd rather be safe than sorry in case my AV didn't have it up to date. You don't know for a fact it will protect you against this, 'cause heck dude it just hit, and I'm not saying your AV doesn't have it, but they may have to add it in their databases, which isn't a 1 minute thing to add. So I am going to be smart and use it for a week or 2 till I make sure Avast has it.
  #15  
Old 02-02-2006, 09:26 PM
Mstenger404 is offline Mstenger404
Registered User

Join Date: May 2005
Location: Indiana
Posts: 3,730

OK, now my PC has 4 hours to live.
  #16  
Old 02-02-2006, 10:29 PM
Hellfighter is offline Hellfighter
Chief ADFP

Join Date: Jun 2002
Location: San Jose Calif 95111
Posts: 21,143

They've been saying on the news to make a backup of all your files and hard drive, in case the virus does anything; better to be safe than sorry later.

All should keep your anti-virus programs up to date and make backups at least once every week of your system or hard drive. Better to be safe than sorry; some viruses are not known until they hit someone's system.

As for unplugging your system: yes, turn it off and unplug any network you have connected, wait 24hrs, and later turn it on; by this time the virus is no longer active. They go off like a time bomb by your system clock. Friday at midnight (24:00hr) the virus will be active. Saturday 12:01am (00:01hr) it should be OK to turn it on. If you can back up or don't really care, then leave it on and hope to god no one opened an e-mail in the last 3 weeks so that it got into your system without you knowing about it.

You have till 11:59PM Friday to get your system covered.
1.) Back up your hard drive!
Note: System Restore will not do it either; it will only load system files back in and will not reload files or programs back in. If anything, it will load the virus back in.

2.) Get an anti-virus program that will do a boot scan of the hard drive, and keep it updated.

If you find any virus and you remove it and System Restore is enabled, disable it, then reboot, and only then, back at the desktop, re-enable it. It keeps a copy of the file in the restore folder; this is the only way to remove all items in the System Restore folder.

In Windows XP you can disable it from the desktop and afterwards re-enable it; it's that easy.
  #17  
Old 02-03-2006, 07:47 AM
Steve is offline Steve
Administrator

Join Date: Sep 2001
Location: 2077
Posts: 21,552

looks like F Secure are just making a big deal to sign up more customers. Nyxem.E was detected and added to definitions almost 3 weeks ago
  #18  
Old 02-03-2006, 08:58 AM
SilentTrigger is offline SilentTrigger
-1PARA-

Join Date: Sep 2002
Location: Sweden
Posts: 3,972

Don't have to sign up to get it though.
But they do get free publicity though.

One tip: don't open or download any files or go to weird sites and you will probably never have any problem.
__________________
-1PARA-AlexKall

My photography website



  #19  
Old 02-03-2006, 02:19 PM
Mstenger404 is offline Mstenger404
Registered User

Join Date: May 2005
Location: Indiana
Posts: 3,730

I'm not afraid of some worm that can outdo the latest anti-virus equipment; if my PC goes splat then I'll tell my dad to get a new one.
  #20  
Old 02-03-2006, 02:24 PM
Erik is offline Erik
Registered User

Join Date: Sep 2005
Posts: 1,285

I swear to god I think this was a hoax...