New menace: the Nyxem.E worm


  • Joined: 10 Nov 2004
  • Posts: 966
  • Location: Novi Sad

Well yes, but the message that arrives in my mail has to pass through the server, and the server should delete a message infected with a virus!
At least that's what I think, because my server, neobee.net, has a firewall, virus protection and antispam.



  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

bobby ::...The worm will delete files on the 3rd of every month...

And the third of February is near... one solution is, on the third of the month, to work for less than 30 minutes after the system "boots" ;)

A dangerous email worm deletes data from infected machines on the 3rd of
every month

Kaspersky Lab, a leading developer of secure content management
solutions that protect against viruses, Trojans, worms, spyware, hacker
attacks and spam, warns users against Email-Worm.Win32.Nyxem.e, which
potentially poses a serious threat. This malicious program spreads via
the Internet as an attachment to infected messages, and also in files
placed on open network resources. It's estimated that hundreds of
thousands of computers around the world are infected, and the number of
infected machines is continuing to increase.

Nyxem.e's payload is triggered on the third of every month, when the
worm will destroy data saved on the victim machine. The worm regularly
checks the system time. When the system date is the third of the month,
30 minutes after the victim machine is booted, Nyxem will delete
information from common file formats, replacing data with a meaningless
set of symbols.

"Internet watchdogs are confirming Kaspersky Lab statistics - that is,
significant numbers of computers are infected with Nyxem.e. February 3,
2006 could turn out to be a very difficult day with unprotected users
losing data and the Internet community at large suffering from heavy
traffic", predicts Eugene Kaspersky, Head of Research and Development at
Kaspersky Lab. "All users should avoid launching email attachments that
have not been scanned. They should also update their antivirus
databases and then scan their computers to make sure that their machines
are Nyxem free."

The worm itself is a Windows PE EXE file, approximately 95KB in size.
The file arrives attached to an email which will have one of about 25
different subjects. The message body and attachment name will also vary,
being chosen from among 20 possible variants, and this makes it more
difficult to instantly identify an infected message.


The worm is activated when the user opens the attachment. Once the worm
has been launched, it creates a Windows ZIP archive which will have the
same name as the attachment, and then opens it. When installing itself
to the system, the worm copies itself to the Windows root and system
directories under a range of names. It also registers itself in the
system registry, ensuring that the worm will be launched each time
Windows is rebooted on the victim machine.

The worm sends itself to email addresses harvested from the victim
machine. In order to do this, it establishes a direct connection with
the recipient's SMTP server. It also copies itself to shared network
resources on the victim machine. This increases the spread of its
potential reach.

The worm terminates processes connected with security solutions, and
prevents them from being launched. Nyxem.e is also capable of
downloading updates to itself via the Internet.


Detection for Email-Worm.Win32.Nyxem.e has been added to Kaspersky Lab
antivirus database updates. More detailed information about Nyxem.e is
available in the Kaspersky Virus Encyclopedia:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=109064

Kaspersky Labs Corporate Communications



  • SVITAC
  • Legendary citizen
  • Joined: 28 Apr 2003
  • Posts: 5919
  • Location: Beograd

I bolded part of the text .. though the whole post is worth reading.
It will be interesting to see how this version does the job ..

  • Joined: 06 Jan 2006
  • Posts: 286
  • Location: Becej

Is this it?

DESCRETE_MEDS@Bravanet.i.in Add to Address Book Add Mobile Alert
To: Karyn@hotmail.com
Subject: FW:SEE ATTACHMENT MEDCO~SALE:excelled
Date: Fri, 19 Aug 2005 09:48:45 -0000
Attachments
Attachment scanning provided by:


Files:
Bravanet_ClickHereRXDIRECTWEBSITE.HTML (6k) [Preview

Addendum: 04 Feb 2006 14:47

I opened this yesterday and it said it was a virus! I scanned the computer with Ad-Aware SE Professional, Spybot S&D and KAV, and nothing was found!
Today the same mail arrived, but I'm not opening it!

  • Joined: 20 Feb 2005
  • Posts: 4505
  • Location: planet Earth

I think that, just in case, it wouldn't hurt to have a removal tool ;) :
http://www.bitdefender.com/VIRUS-1000060-en--Win32.Nyxem.E@mm.html

  • Joined: 06 Jan 2006
  • Posts: 286
  • Location: Becej

I studied the sites and threads about this new worm that deletes files on the 3rd of the month a bit, and that is definitely not this worm. Does anyone know which virus, and what kind, is in my message?

  • SSpin
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

I was just reading the description of this virus.... Bebee Dol It's not to be underestimated in the slightest...

Here is what viruslist.com recommends in case of infection.


1. Reboot your computer in Safe Mode - press and hold F8 while the machine is rebooting and choose Safe Mode from the menu when it appears.

2. In Task Manager, terminate any process with one of the following names:

rundll16.exe
scanregw.exe
Update.exe
Winzip.exe
WINZIP_TMP.EXE
New WinZip File.exe
WinZip Quick Pick.exe

3. Manually delete the following files from the Windows root and system directories, and the system registry:

%Windir%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe
%System%\WINZIP_TMP.EXE
%System%\New WinZip File.exe
%User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe

4. Delete the following value from the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry" = "scanregw.exe /scan"

5. Reboot your computer and check you have deleted all infected messages from all mail folders.

6. If any applications have been damaged (in most cases this will be antivirus solutions and firewall programs) you will need to re-install them.


http://www.viruslist.com/en/viruses/encyclopedia?virusid=109064#doc2
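
A read-only way to check a Windows machine for the artifacts listed in the instructions quoted above (an added example, not part of the original post or of viruslist.com's text). It assumes %System% means System32; the SysWOW64 and Wow6432Node locations are assumptions added for 64-bit Windows and do not come from the post.

```powershell
# Added example: read-only check for the Nyxem.E artifacts named in the post above.
# Nothing is deleted or terminated; findings are collected for manual review.

# File names from the quoted instructions. %System% is taken to mean System32;
# SysWOW64 and Wow6432Node are assumptions added for 64-bit Windows.
$sysNames = 'scanregw.exe','Update.exe','Winzip.exe','WINZIP_TMP.EXE','New WinZip File.exe'
$sysDirs  = @((Join-Path $env:windir 'System32'), (Join-Path $env:windir 'SysWOW64'))

$paths  = @(Join-Path $env:windir 'rundll16.exe')
$paths += Join-Path ([Environment]::GetFolderPath('Startup')) 'WinZip Quick Pick.exe'
foreach ($d in $sysDirs) { foreach ($n in $sysNames) { $paths += Join-Path $d $n } }

$findings = @()

# 1. Files on disk (-Force so hidden and system files are included).
foreach ($p in $paths) {
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) {
        $findings += [pscustomobject]@{ Kind = 'File'; Item = $f.FullName; Detail = "$($f.Length) bytes" }
    }
}

# 2. The "ScanRegistry" autostart value under the Run key.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $v = (Get-ItemProperty -Path $k -Name 'ScanRegistry' -ErrorAction SilentlyContinue).ScanRegistry
    if ($v) {
        $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = "$k\ScanRegistry"; Detail = $v }
    }
}

# 3. Running processes. Get-Process names carry no ".exe" suffix.
#    Several names resemble legitimate software, so the Detail column shows
#    the image path; a name match alone is not proof of infection.
$procNames = 'rundll16','scanregw','Update','Winzip','WINZIP_TMP','New WinZip File','WinZip Quick Pick'
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    if ($procNames -contains $proc.Name) {
        $findings += [pscustomobject]@{ Kind = 'Process'; Item = "$($proc.Name) (PID $($proc.Id))"; Detail = $proc.Path }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No listed Nyxem.E artifacts found.' }
```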

  • Joined: 10 Feb 2005
  • Posts: 3549

That's the virus that deletes data from the PC on the 3rd of every month.
Is that right, or am I mistaken?

  • Dok
  • Forum moderator
  • - Dok Millionaire -
  • - Professional Alien -
  • Joined: 01 Jul 2005
  • Posts: 4703
  • Location: Where I don't belong.

Vladimir_Z

Well, can't you see that's the topic?! That worm deletes data from the computer on the 3rd of every month!

Bobby

Is there a weapon against this little worm?! So we can whack it if it shows up!!!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

@Dok
Well, most (if not all) AV programs detect it, so I see no reason to panic.
