Virus Nyxem (MyWife, Blackmal)
Virus Nyxem is a mass-mailing worm that emails itself to all the contacts in MSN Messenger,
Yahoo Pager, and email addresses found in the files with the .htm or .dbx extensions.
The worm uses Windows Media Player to mask its malicious intentions and attempts to delete
security software and system files.
The Virus copies itself as the following files:
%System%\.exe
%System%\.src
%System%\.zip
%System%\.com
%Windir%\TEMPORARY \.exe
Note: %System% is a variable. The Trojan locates the System folder and copies itself to that location.
By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000),
or C:\Windows\System32 (Windows XP).
%Windir% is a variable: The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt)
and copies itself to that location.
Nyxem adds a value to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.
The Trojan Attempts to delete files of some antivirus programs.
Enumerates network shares and attempts to copy itself to the open shares.
© Copyright 2000-2008 AnVir Software. All Rights Reserved.
