Email-Worm.Win32.Nyxem

Detect Date 03/25/2004
Class Email-Worm
Platform Win32
Description
  1. Reboot your computer in Safe Mode – press and hold F8 while the machine is rebooting and choose Safe Mode from the menu when it appears.
  2. In Task Manager, terminate any process with one of the following names:
    rundll16.exe
    scanregw.exe
    Update.exe
    Winzip.exe
    WINZIP_TMP.EXE
    New WinZip File.exe
    WinZip Quick Pick.exe
  3. Manually delete the following files from the Windows root and system directories, and the system registry:
    %Windir%\rundll16.exe
    %System%\scanregw.exe
    %System%\Update.exe
    %System%\Winzip.exe
    %System%\WINZIP_TMP.EXE
    %System%\New WinZip File.exe
    %User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe
  4. Delete the following value from the system registry:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry" = "scanregw.exe /scan"
  5. Reboot your computer and check you have deleted all infected messages from all mail folders.
  6. If any applications have been damaged (in most cases this will be antivirus solutions and firewall programs) you will need to re-install them.
  7. Perform a full scan of your computer (download a trial version of Kaspersky Anti-Virus here
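
A read-only check for the processes, files and registry value named in steps 2 to 4, as an added PowerShell example that is not part of the original description. It assumes %System% means %SystemRoot%\System32; the function name `Get-NyxemArtifact` is hypothetical, and the script only reports what it finds and deletes nothing.

```powershell
# Added example: read-only audit for the artifacts listed in steps 2-4.
# Assumption: %System% resolves to %SystemRoot%\System32 (NT-family Windows).
$systemDir = Join-Path $env:SystemRoot 'System32'
$startup   = Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup'

$filePaths = @(
    (Join-Path $env:windir 'rundll16.exe')
    (Join-Path $systemDir  'scanregw.exe')
    (Join-Path $systemDir  'Update.exe')
    (Join-Path $systemDir  'Winzip.exe')
    (Join-Path $systemDir  'WINZIP_TMP.EXE')
    (Join-Path $systemDir  'New WinZip File.exe')
    (Join-Path $startup    'WinZip Quick Pick.exe')
)
# Get-Process matches on the image name without the .exe extension.
$procNames = 'rundll16', 'scanregw', 'Update', 'Winzip', 'WINZIP_TMP',
             'New WinZip File', 'WinZip Quick Pick'
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-NyxemArtifact {
    # Step 2: running processes. The Path column helps separate a name
    # collision (names such as Update.exe are also used by legitimate
    # software) from a copy running out of one of the listed directories.
    Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Item = "$($_.Name) (PID $($_.Id))"; Detail = $_.Path }
    }
    # Step 3: files on disk (-Force so hidden or system files are read too).
    foreach ($p in $filePaths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p -Force
            [pscustomobject]@{ Type = 'File'; Item = $p
                               Detail = "$($f.Length) bytes, modified $($f.LastWriteTime)" }
        }
    }
    # Step 4: the autorun value, flagged only when its data matches the page.
    $run = Get-ItemProperty -Path $runKey -Name 'ScanRegistry' -ErrorAction SilentlyContinue
    if ($run -and $run.ScanRegistry -like '*scanregw.exe /scan*') {
        [pscustomobject]@{ Type = 'Registry'; Item = "$runKey\ScanRegistry"; Detail = $run.ScanRegistry }
    }
}

$found = @(Get-NyxemArtifact)
if ($found.Count -eq 0) { 'No listed artifacts found.' }
else { $found | Format-Table -AutoSize -Wrap }
```

Running it once before cleanup and again after the reboot in step 5 shows whether any of the listed items came back.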