Online Computer Tips Home
Home All Tips OCT Newsletter Free Tutorials Tech News Resources
Home > All Tips > Virus Tips

Win32/Mywife.E@mm Virus Removal- Virus Information

There is another form of virus/malware making its rounds recently. Its called Mywife.E@MM. It is also known as Nyxem, Blackmal or Kama Sutra worm. It comes in the form of an attachment in an e-mail most likely as a zip file and if the recipient opens the file, the malware sends itself to all the contacts that are contained in the system's address book. It can also spread itself through network shares if they have blank administrator passwords.

This virus has the capabilities to destroy documents on the 3rd of every month. It may modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. The worm adds data to the registry so that the worm runs each time Windows starts. It can destroy all files with the following extensions by overwriting the file:

*.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd, *.dmp

Removal instructions:

Manual Recovery

To manually recover from infection by Win32/Mywife.E@mm, perform the following steps:
 
First, reboot your computer. This will force the worm into a known configuration where it can be stopped.
 
Using task manager, look for any of the following process names and kill them if present:
  Update.exe
  Winzip.exe
  scanregw.exe
  WINZIP_TMP.exe
  "Winzip Quick Pick.exe"
 
Delete the following files if present on your system:
  C:\WINZIP_TMP.exe
  %windir%\WINZIP_TMP.exe
  %windir%\system32\Winzip.exe
  %windir%\system32\Update.exe
  %windir%\system32\scanregw.exe
"C:\Documents and Settings\All Users\Start Menu\Programs\Winzip Quick Pick.exe"
 
Note that the files under %windir%\system32 will be marked read-only and hidden. To delete these from the command prompt, use (for example):
  del /f /a:h %windir%\system32\Winzip.exe
 
 
Using regedit, delete the following registry value:
  'ScanRegistry' under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (Contents will look like: scanregw.exe /scan)
 
Reboot your computer, and using Task Manager, verify that none of the processes mentioned above are running.

 

Related Tips:
Free Online Spyware Scan
Symantec's Spyware/Adware Classifications
Removing and Preventing Spyware Infections
Using Ad-Aware 2007
Microsoft PC Safety Scan

 

BROWSE PC HELP INFORMATION
Computer Categories:
 - PC Troubleshooting
 - Networking
 - Windows
 - Microsoft Office
 - Spyware
 - Virus
 - Hardware
 - Software
Learn More:
 - Computer Tutorials
 - Video Tutorials

 - Networking Terms
 - Hardware Terms
 - Virus Terms

Visitor Questions:
 - Free Tech Help
 - Q & A Archive
 - Common Questions
OCT Newsletter
OCT Tech Blog
JOIN US ON GOOGLE+
JOIN US ON FACEBOOK
FOLLOW US ON TWITTER
Get insights into the computer industry and regular updates on our site. Click Here
 
CHECK US OUT ON YOUTUBE

New tech tip videos posted on a regular basis. Subscribe today! Click Here

Back To The Top

Copyright © 2005-2015 Online Computer Tips.com
HOME | ALL TIPS | COMPUTER TUTORIALS | TECH NEWS | RESOURCES | ADVERTISING | ABOUT US | PRIVACY POLICY
Home All Tips OCT Newsletter Free Tutorials Tech News Resources