About DBkWik

About: dbkwik:resource/yTmH9gcrLNmbZ-4dSRnhnA==

PropertyValue
rdf:type
rdfs:label
  • Nyxem.E
rdfs:comment
  • Email-Worm.Win32.Nyxem.E is a worm that runs on Win32.
  • Nyxem is a worm that spread in February 2003 written in Visual Basic with a very destructive payload. Most people are focused on the E variant. When the worm is first run, it drops a .zip file in the system directory and launches it in order to display an error message to distract the user. It also copies itself to the system directory under the following names: * New WinZip File.exe * scanregw.exe * Update.exe * Winzip.exe * WINZIP_TMP.exe In the Startup folder it copies itself as WinZip Quick Pick.exe. In the Windows folder it installs itself as rundll16.exe. with the text:
dcterms:subject
dbkwik:malware/property/wikiPageUsesTemplate
Platform
  • Microsoft Windows
Name
  • Nyxem
Type
  • Email Worm
filetype
  • *Win32 PE executable
AKA
  • *Nyxem.e
Family
  • Nyxem
abstract
  • Nyxem is a worm that spread in February 2003 written in Visual Basic with a very destructive payload. Most people are focused on the E variant. When the worm is first run, it drops a .zip file in the system directory and launches it in order to display an error message to distract the user. It also copies itself to the system directory under the following names: * New WinZip File.exe * scanregw.exe * Update.exe * Winzip.exe * WINZIP_TMP.exe In the Startup folder it copies itself as WinZip Quick Pick.exe. In the Windows folder it installs itself as rundll16.exe. It uses the HKEY_LOCAL_MACHINE registry key to make sure it is run on startup. To spread through Email, the worm searches for files with the following extensions: * dbx * eml * htm * imh * mbx * msf * msg * nws * oft * txt * vc It mass-mails itself by connecting to the host's SMTP server. It also spreads through open network resources by copying itself as Winzip_TMP.exe The worm also makes an attempt to kill antivirus software. It uses the internet to download updates for itself, therefore it has a backdoor component. While doing the above, the worm disables mouse and keyboard input. A half hour after an infected computer is booted on the third of any month, the worm overwrites all files with the following extensions: * doc * xls * mdb * mde * ppt * pps * zip * rar * pdf * psd * dmp with the text: DATA Error [47 0F 94 93 F4 F5]
  • Email-Worm.Win32.Nyxem.E is a worm that runs on Win32.