Sophos

W32/Nyxem-A

Aliases
  • I-Worm.Nyxem
  • WORM_BLUEWORM.A
  • W32/Mywife.A.worm
  • BlueMoon.A

Summary

 
Protection available since 25 March 2004 17:18:52 (GMT)
Detected by All Sophos products

Action

Please follow the instructions for removing worms.

Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

and remove any reference to any file you deleted.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\

and remove any reference to any file you deleted.

Close the registry editor and reboot your computer.
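
The registry check described above can be scripted. The following is an added example, not part of the original analysis and not Sophos tooling: it lists values under the HKLM Run key and under each HKU\[code number] Run key whose program file no longer exists. The function names are assumptions made for this example; the script only reports and changes nothing.

```python
import os
import sys

RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"

def candidate_paths(command):
    """Program paths a Run command line could refer to (heuristic)."""
    command = os.path.expandvars(command.strip())
    if command.startswith('"'):                 # "C:\dir\app.exe" /args
        return [command[1:].split('"', 1)[0]]
    parts = command.split(" ")                  # unquoted: the path may contain spaces
    return [" ".join(parts[:i]) for i in range(1, len(parts) + 1)]

def stale_entries(values, exists=os.path.isfile):
    """Return {name: command} for Run values whose program file is gone."""
    return {name: cmd for name, cmd in values.items()
            if not any(exists(p) for p in candidate_paths(cmd))}

def read_run_values(hive, subkey):
    """Read all values of one Run key; Windows only."""
    import winreg
    values = {}
    try:
        with winreg.OpenKey(hive, subkey) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _ = winreg.EnumValue(key, i)
                values[name] = str(data)
    except OSError:                             # key absent or not readable
        pass
    return values

if __name__ == "__main__" and sys.platform == "win32":
    import winreg
    keys = [("HKLM", winreg.HKEY_LOCAL_MACHINE, RUN)]
    for i in range(winreg.QueryInfoKey(winreg.HKEY_USERS)[0]):
        sid = winreg.EnumKey(winreg.HKEY_USERS, i)
        keys.append(("HKU\\" + sid, winreg.HKEY_USERS, sid + "\\" + RUN))
    for label, hive, subkey in keys:
        for name, cmd in stale_entries(read_run_values(hive, subkey)).items():
            print(f"{label}\\{RUN}: {name} -> {cmd}")
```

Values that name a program without a full path are resolved through the Windows search path and will also be listed, so review each line before removing it in the registry editor.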

More Information

NOTE: The information contained in this analysis may be considered offensive by some customers.

W32/Nyxem-A is an email worm.

It arrives in an email as an attachment with one of the following names:
Julia_1997_Fucking.MPEG_.scr
juanita_in_the_kitchen.MPEG.scr
17Ag_double_suck__part[2].MPEG_.scr
April_FromTexas.MPEG_.scr
Video_briefcase_Group[13].MPEG_.scr
After_2AM_small_room[4].MPEG__.scr
Graham_Hilton_Sex[4].MPEG__.scr
WebCam_12girls_Ass.mpeg_.scr
Shakira_Anal_very_old.MPEG.scr
why_fuck_anal_back.MPEG.scr
open_girl_21year.MPEG.scr
GrahamCluley_freakin_Ass_.MPEG__.scr
Sexual_Crimes.MPEG____.scr

The subject line is one of:
LOOOOOOOOL joke (^!^)
Check This ?ucking Babe :D
FW: (-Sucking-)
FW: File - WebCam.mpeg
FW: **Hot Movie**
Re: Why? Form Back.mpg
FW:RE: Least *21* Years
Re: Double suck (movie)
FW:Re:Hot Erotic
very hot XXX
Video Clip
RE: FW: Women Mpeg
Asses Mpeg's
FW: Lesbian & gays Mpeg
Fw: My Funny Ass
<<~SEX~>> TeenRapers.mov

The message text is one of:
"Dozens of Free Video Clips to download.Many Niches. Updated regularly and more added daily.Taken From Vivi's Lovely Briefcase."

"hey guys my name is April Goostree i am a sexy 22 yr old bbw , 5'9, 48 dd , big ole booty, jus lovin life, until i get my pics posted in here you can either check out my profile or join my own yahoo group Texas-Sexy@groups.msn.com, either way works for me..i hope to become very active in this group, i like to get to know people, like to get on cam once in a while, jus to chill, when they aint none home..thats why its once in a while yaknow..anyways jus holla at me... n thanks for lettin me join!!! kisses kandee..Bye"

"very good movie <<<Video's Media Player. SEX SEX * Sluts Tits Video Mpeg's Mpeg Video Clips"

"Cum and check this fun group out...Sexy ladies!! Come post your ad,..this is a real swingers group!! I'm attatching a Video Clip of my wife if interested in checking it out!"

"Watch the Paris Hilton Sex Tape for Free!"

"Video's Girls Erotic WebCam's Tits Mpeg's Girls Ass SEX Pussy Video Clips"

"Here is another Vclip of my daily group :|"

"All kinda Women Can be Found Here To Satisfy Women Lovers' Eyes"
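
Every attachment name listed above pairs a media-looking extension (often padded with underscores) with a final .scr extension, which Windows runs as a program. The following is an added example, not part of the original analysis: a mail-filter check that flags such names. The extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Final extensions that Windows executes directly (.scr is a screen saver program).
EXECUTABLE = {"scr", "exe", "pif", "com", "bat", "cmd"}
# Decoy extensions that make the file look like media or a document.
DECOY = {"mpeg", "mpg", "avi", "mov", "wmv", "mp3", "jpg", "gif", "txt", "doc", "pdf"}

def is_disguised_executable(filename):
    """True if the name ends in an executable extension preceded by a decoy one."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 3 or parts[-1].strip(" _") not in EXECUTABLE:
        return False
    # Strip padding such as "MPEG__" that pushes the real extension out of view.
    return parts[-2].strip(" _") in DECOY

def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw message that look disguised."""
    names = [part.get_filename() for part in message_from_string(raw_message).walk()]
    return [n for n in names if n and is_disguised_executable(n)]

# Constructed sample message (not a captured email).
SAMPLE = """\
Subject: Video Clip
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Here is another Vclip of my daily group :|
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="April_FromTexas.MPEG_.scr"

AAAA
--b1
Content-Type: video/mpeg
Content-Disposition: attachment; filename="holiday.mpeg"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```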

To run automatically when Windows starts, W32/Nyxem-A adds an entry under the following registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

When run, W32/Nyxem-A creates the file Media.Temp.Mpeg in the temporary folder and launches Windows Media Player with it. The Mpeg file is actually empty, so Media Player complains that the file format isn't recognised.
