
Nyxem.e's dreaded 32 bytes

Costin Raiu
Kaspersky Lab Expert
Posted February 01, 12:30  GMT
Tags: Nyxem

Somewhere, deep inside Nyxem.e's 100K+ body, there is a dreaded block of 32 bytes. On the 3rd of every month, exactly 30 minutes after the infected system is started, Nyxem.e will use this block to overwrite all *.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd and *.dmp files on your disks.

Once this has happened, your 6MB presentation for the CEO, your vacation pictures and all the RAR and ZIP backups will look like this:

Or, in ASCII:

With the activation date drawing near, just make sure your system is not infected. Unlike GPCode, once the payload has hit, the chances of you getting your data back will be practically zero.
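A damage-triage sketch for the file types listed above, added here as an example and not part of the original post: it flags files whose leading bytes no longer match the signature their extension implies. The signature table, function names and sample files are assumptions constructed for illustration, and the worm's actual 32-byte block is not reproduced.

```python
import os
import tempfile

# Assumed signature table: (offset, accepted magic values) per extension.
# Legacy Office files are taken to be OLE2 compound documents.
OLE2 = (0, [bytes.fromhex("d0cf11e0a1b11ae1")])
JET = (4, [b"Standard Jet DB", b"Standard ACE DB"])
SIGNATURES = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2, ".pps": OLE2,
    ".mdb": JET, ".mde": JET,
    ".zip": (0, [b"PK"]), ".rar": (0, [b"Rar!"]),
    ".pdf": (0, [b"%PDF"]), ".psd": (0, [b"8BPS"]),
    ".dmp": (0, [b"PAGEDU", b"MDMP"]),
}

def header_ok(path):
    """True/False for a listed file type, None for any other extension."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SIGNATURES:
        return None
    offset, magics = SIGNATURES[ext]
    with open(path, "rb") as fh:
        head = fh.read(64)
    return any(head[offset:offset + len(m)] == m for m in magics)

def find_damaged(root):
    """Walk root and return listed-type files whose header no longer matches."""
    damaged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if header_ok(path) is False:
                    damaged.append(path)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
    return sorted(damaged)

def demo():
    """Run the sweep over constructed sample files in a temp directory."""
    filler = b"X" * 32  # constructed placeholder, not the worm's real block
    samples = {"good.zip": b"PK\x03\x04" + bytes(60), "good.pdf": b"%PDF-1.4\n",
               "bad.doc": filler, "bad.rar": filler, "notes.txt": filler}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_damaged(root)]

if __name__ == "__main__":
    print(demo())
```

This is a triage heuristic only: a matching header does not prove the rest of the file is intact, and unusual but valid files (for example a PDF with leading bytes before `%PDF`) can be flagged.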

