
Blog address: https://blog.dnevnik.hr/kik4


Nyxem-E



This year's first major computer threat to users has arrived in the form of the Nyxem.E virus, or "porno", as we have aptly named it because it hides inside e-mail messages with pornographic content. Now that it has infected a certain number of computers, its activation and its biggest attack on the data on users' computers are expected on 3 February.
Antivirus experts warn users that, if it activates at the scheduled time, Nyxem.E will on 3 February delete all Microsoft Office files and others, such as Acrobat .pdf files, and replace them with completely unusable data.

from Kaspersky Lab's website:
Infected messages
Message subject:

* *Hot Movie*
* A Great Video
* Arab sex DSC-00465.jpg
* eBook.pdf
* Fuckin Kama Sutra pics
* Fw:
* Fw: DSC-00465.jpg
* Fw: Funny :)
* Fw: Picturs
* Fw: Real show
* Fw: SeX.mpg
* Fw: Sexy
* Fwd: Crazy illegal Sex!
* Fwd: image.jpg
* Fwd: Photo
* give me a kiss
* Miss Lebanon 2006
* My photos
* Part 1 of 6 Video clipe
* Photos
* Re:
* Re: Sex Video
* School girl fantasies gone bad
* The Best Videoclip Ever
* You Must View This Videoclipe!
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::
It will delete all files from the following folders:

%ProgramFiles%\DAP\*.dll
%ProgramFiles%\BearShare\*.dll
%ProgramFiles%\Symantec\LiveUpdate\*.*
%ProgramFiles%\Symantec\Common Files\Symantec Shared\*.*
%ProgramFiles%\Norton AntiVirus\*.exe
%ProgramFiles%\Alwil Software\Avast4\*.exe
%ProgramFiles%\McAfee.com\VSO\*.exe
%ProgramFiles%\McAfee.com\Agent\*.*
%ProgramFiles%\McAfee.com\shared\*.*
%ProgramFiles%\Trend Micro\PC-cillin 2002\*.exe
%ProgramFiles%\Trend Micro\PC-cillin 2003\*.exe
%ProgramFiles%\Trend Micro\Internet Security\*.exe
%ProgramFiles%\NavNT\*.exe
%ProgramFiles%\Morpheus\*.dll
%ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.ppl
%ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.exe
%ProgramFiles%\Grisoft\AVG7\*.dll
%ProgramFiles%\TREND MICRO\OfficeScan\*.dll
%ProgramFiles%\Trend Micro\OfficeScan Client\*.exe
%ProgramFiles%\LimeWire\LimeWire 4.2.6\LimeWire.jar

All of these actions make the victim machine more vulnerable to subsequent attacks.

It may also download updates to itself via the Internet, without the knowledge or consent of the user.

It will also block the mouse and the keyboard.

On the 3rd of each month, 30 minutes after the victim computer is rebooted, the worm will rewrite files with the following extensions:

.doc
.xls
.mdb
.mde
.ppt
.pps
.zip
.rar
.pdf
.psd
.dmp

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Removal instructions

1. Reboot your computer in Safe Mode - press and hold F8 while the machine is rebooting and choose Safe Mode from the menu when it appears.
2. In Task Manager, terminate any process with one of the following names:

rundll16.exe
scanregw.exe
Update.exe
Winzip.exe
WINZIP_TMP.EXE
New WinZip File.exe
WinZip Quick Pick.exe

3. Manually delete the following files from the Windows root and system directories, and the system registry:

%Windir%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe
%System%\WINZIP_TMP.EXE
%System%\New WinZip File.exe
%User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe

4. Delete the following value from the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry" = "scanregw.exe /scan"

5. Reboot your computer and check you have deleted all infected messages from all mail folders.
6. If any applications have been damaged (in most cases this will be antivirus solutions and firewall programs) you will need to re-install them.
7. Perform a full scan of your computer (download a trial version of Kaspersky Anti-Virus here
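
A read-only check for the leftovers named in removal steps 2 to 4 above, as an added example that is not part of the original post or of Kaspersky Lab's instructions. It assumes %Windir% is $env:windir, %System% is the System32 directory (SysWOW64 is checked as well) and %User Profile% is $env:USERPROFILE; the function name Find-NyxemArtifact is hypothetical.

```powershell
# Added example (not from the original post): read-only check for the leftovers
# named in removal steps 2-4. It reports what it finds and deletes nothing.
# Assumptions: %Windir% = $env:windir, %System% = its System32 directory,
# %User Profile% = $env:USERPROFILE. Find-NyxemArtifact is a hypothetical name.
function Find-NyxemArtifact {
    # On 64-bit Windows a 32-bit program is redirected to SysWOW64 and to the
    # WOW6432Node registry view, so both locations are checked.
    $systemDirs = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:windir $_ }
    $startup = Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup'

    # Step 3: file names exactly as listed on the page.
    $candidates = @(
        (Join-Path $env:windir 'rundll16.exe'),
        (Join-Path $startup 'WinZip Quick Pick.exe')
    )
    $systemNames = 'scanregw.exe', 'Update.exe', 'Winzip.exe', 'WINZIP_TMP.EXE', 'New WinZip File.exe'
    foreach ($dir in $systemDirs) {
        foreach ($name in $systemNames) { $candidates += Join-Path $dir $name }
    }
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'present' }
        }
    }

    # Step 2: process names (Get-Process matches names without the .exe suffix).
    $procNames = 'rundll16', 'scanregw', 'Update', 'Winzip', 'WINZIP_TMP',
                 'New WinZip File', 'WinZip Quick Pick'
    Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Location = $_.ProcessName; Detail = "PID $($_.Id) $($_.Path)" }
    }

    # Step 4: the "ScanRegistry" value under the Run key.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -Name 'ScanRegistry' -ErrorAction SilentlyContinue
        if ($run) {
            [pscustomobject]@{ Type = 'Registry'; Location = $key; Detail = $run.ScanRegistry }
        }
    }
}

Find-NyxemArtifact | Format-Table -AutoSize
```

Process names such as Update or Winzip are also used by legitimate software, so a Process row is a lead to confirm against the File and Registry rows rather than proof of infection.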




Post published on 03.02.2006 at 17:07.