virus graphic   The Nyxem Virus

Tips & Hints

Posted 2 February 2006

The virus of the month is due to go on a file eating rampage this Friday, February 3.  It's known by various names including 'Karma Sutra', 'Nyxem' and 'Blackmal' and could delete all the useful documents from your computer. But we aren’t so sure this one will be successful.

The virus spreads through a very basic email attachment using the .scr screensaver suffix. Connoisseurs of these things will remember this was popular some four years ago with viruses like Cari and Mylife. It dropped out of fashion as users got wise to the trick and stopped opening the things.

Once infected with the virus, it will try to damage any anti-virus that’s running and lower the system's security settings. To spread further it will look for network file shares and search through the hard drive for any email addresses to send itself onto those addresses. Then it will try to delete Microsoft Office, Abode Acrobat and some compressed files.

This last point is the most irritating part of the virus; that it will attempt to wipe your data. One interesting aspect is that it attempts to register the infection with a counter at a website. All of this points to hackers engaging in mindless vandalism, rather than the more sinister security compromises that most modern viruses try to carry out.

If you've followed our suggestions for protection against viruses you shouldn’t be affected by this. The important thing is to make sure the anti-virus is up to date and to resist the temptation to open and run strange attachments. But given the relatively primitive method of spreading this virus, we can’t see it getting too far.

Further information is available at the F-Prot website. If you think you are infected with it, a removal tool can be downloaded from the Symantec site. Some pundits recommend running the tool anyway just to make sure, which is good advice if you have the time.
PC Rescue Pty Ltd, Suite 236, 4 Young Street Neutral Bay NSW 2089
Phone 0415 967 017
ACN 082 635 765
ŠPC Rescue Pty Ltd, 2006
PC Rescue Pty Ltd, Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 36 082 635 765
ŠTechnology Publishing Australia, 2008