The following startup Registry keys are affected: It deletes startup key values from the Registry if they contain any of the following: The worm attempts to disable several security-related and file sharing programs.
This should also apply to network drives, but during testing the worm failed to do affect them. Files on local and removable drives (including USB memory) are also damaged. It should damage files on all drives that have a letter. When the payload is activated, the worm enumerates all logical drives and damages files on them in a loop. The payload is activated 30 minutes after the worm's file UPDATE.EXE is loaded into memory (basically 30 minutes after logon). The files' contents are replaced with a text string "DATA Error ". If the date is equal to 3 (3rd of February, 3rd of March, etc) and the worm's UPDATE.EXE file is run, it destroys files with those extensions on all available drives: Where '%Windows%' indicates the main Windows folder (usually C:\WINDOWS\) and '%System%' is the Windows System folder. It may also block keyboard and mouse input to force the user to press CTRL + ALT + DEL and log off.ĭuring the installation phase the worm copies its file to several locations: When the worm's file is run, it first opens WinZip as a decoy. The size of the main executable is about 95 kilobytes. Nyxem.E is written in Visual Basic and is compiled as p-code. The worm has the following text strings in its body: So after cleaning a computer with the F-Force utility it is recommended to scan all hard drives with F-Secure Anti-Virus and the latest updates to make sure that no infected files remain there. Besides the utility does not scan inside archives. Please note that the F-Force utility can disinfect only certain malicious programs.
PAGINA DE PANDA ANTIVIRUS ARCHIVE
This archive with the latest updates can be downloaded from these locations: The archive's name is LATEST.ZIP and it should be downloaded and put into the same folder where the F-Force utility is located. The F-Force utility needs the archive with the latest updates in order to function properly.
PAGINA DE PANDA ANTIVIRUS LICENSE
Please make sure that you read the End User License Terms document (Eult.rtf) and the Readme file (either Readme.txt or Readme.rtf) before using the F-Force utility! To unpack the archive please use the WinZip or similar archiver. readme.txt - Readme file in ASCII format.eult.rtf - End User License Terms document.
PAGINA DE PANDA ANTIVIRUS ZIP
The utility is distributed only in a ZIP archive that contains the following files: The tool can be downloaded from our web and ftp sites: F-Secure's F-Force disinfection program can be used to clear a Nyxem.E infection.
0 kommentar(er)
