W32/Nyxem-D is an email and network worm for the Windows platform.
W32/Nyxem-D copies itself with some of the following filenames:
<System>\New WinZip File.exe
W32/Nyxem-D sets the following registry entry to run itself on system startup:
W32/Nyxem-D also sets the following registry entries:
W32/Nyxem-D may modify registry values under the following locations:
W32/Nyxem-D may drop an empty file to the Windows system folder with the same name as itself but with a ZIP extension and attempts to open it in order to hide its functionality.
W32/Nyxem-D may periodically attempt to download and run an update of itself.
W32/Nyxem-D may attempt to display an icon in the Windows taskbar with the text "Update Please wait" if it detects the presence of anti-virus software. W32/Nyxem-D may also attempt to close windows, terminate programs, remove registry entries and delete files related to security and anti-virus programs.
W32/Nyxem-D sends itself to email addresses it harvests from files on the infected computer, sending itself as if from one contact to another. The emails sent have the following characteristics:
Subject lines include the following, or may be blank:
A Great Video
Arab sex DSC-00465.jpg
Fuckin Kama Sutra pics
Fw: Funny :)
Fw: Real show
Fwd: Crazy illegal Sex!
give me a kiss
Miss Lebanon 2006
Part 1 of 6 Video clipe
Re: Sex Video
School girl fantasies gone bad
The Best Videoclip Ever
You Must View This Videoclip!
Message bodies include the following, and may contain images that cannot be displayed:
----- forwarded message -----
???????????????????????????? ????????????? ?????? ???????????
>> forwarded message
DSC-00465.jpg DSC-00466.jpg DSC-00467.jpg
forwarded message attached.
Fuckin Kama Sutra pics
hello, i send the file. bye
hi i send the details bye
Hot XXX Yahoo Groups
how are you? i send the details. OK ?
i attached the details. Thank you
i just any one see my photos. It's Free :)
Note: forwarded message attached.
photo photo2 photo3
Please see the file.
ready to be FUCKED :)
VIDEOS! FREE! (US$ 0,00)
Attachments may be executable files or mime files containing executable files. Executable attachment filenames include the following:
Mime attachment filenames include the following:
Mime attachment filenames also include the following:
with one of the following extensions:
If the attachment is a mime file, it contains a file with one of the following filenames followed by several spaces and an SCR extension:
W32/Nyxem-D attempts to spread to network shares with weak passwords using the name WINZIP_TMP.exe.