Win32.Nyxem.E@mm virus???
jimfulco 02-02-2006, 10:10 AM I ran the BitDefender scan, and it shows the above virus in the Virus Encyclopedia dated 1-15-06. I supposedly downloaded the removal tool, but I don't know how to find it, and I don't know how to use it.
I ran AVG Free, and it said 36426 objects & no viruses & no errors.
Does this mean I have something to worry about? Besides the fact that I'm an idiot and should limit myself to simple mechanical devices?
This computer runs Windows 2000 Pro, if it matters.
shifty 02-02-2006, 12:12 PM Nyxem is seriously nasty; it deletes and disables all antivirus software, and this is why AVG has not found it.
This virus is also known as "W32.Blackmal.E@mm". Removal instructions can be found here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html#removalinstructions
Some things that this virus does on your computer:
- Deletes files and registry entries of security-related applications (antivirus, firewalls, etc).
- Large-scale e-mailing: Creates a mass-mailing of itself using email addresses gathered from your computer, your address books, etc., and sends them to your friends and associates in your contact lists and tries to infect them also.
- Deletes files: Attempts to delete files associated with security-related programs (antivirus, firewall, etc.)
This is a serious threat. You will need to reinstall all antivirus and security applications after following the removal instructions.
If I can assist further, please let me know.
jimfulco 02-02-2006, 02:55 PM Thanks. I disconnected the coax & power cable from the modem and ran the Symantec tool. It said the W32.Blackmal.E was not found on the computer. I then restarted in safe mode and ran it again, and it again said it was not found. I restarted, then uninstalled AVG Free & AdAwareSE, then reinstalled them.
I just ran the BitDefender scan again, and it said the computer was still infected, but it didn't show the Win32.NyxemE@mm in the list at the bottom, only on the Virus Encyclopedia. The list at the bottom (image below) said the same things after the first scan this morning, with nothing about Win32.NyxemE.
http://img.photobucket.com/albums/v623/jimfulco/bitdefenderscan.jpg
Am I totally scrood or what?
shifty 02-02-2006, 03:15 PM Okay - I'm going to tell you - you're infected with something because you should have NO files with a *.chm extension on them in your C:\ folder and I see several there, all with random names and that is *not* good. They could be inactive. CHM files are help manuals used in Windows.
Can you give me a list of all the files in your C:\ folder? Here, do this:
Open the Notepad program (it's in the Program/Accessories folder of the start menu). Copy and paste this single line of text into it:
dir /a /-p /o:gen > list.txt
Click the File menu in Notepad and click Save; browse to the C:\ folder. For the file name, type "list.bat", and if your version of Notepad has a "Save as type" dropdown box option, choose "All files", otherwise it will save as a text file. Once all of this has been done click the Save button and exit notepad.
Now, to run the batch file, simply double-click it or run the file like any other program. Once the batch file has completed running it will close the window automatically and you should notice a file at C:\list.txt - I need you to open that file and copy/paste the contents into this thread.
Thanks.
PS -
You might want to do a free spyware scan here:
http://www.spywareguide.com/onlinescan.php
Also, you might also want to scan using Symantec's website:
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
This should give you a better idea of what you're infected with.
jimfulco 02-02-2006, 03:50 PM Directory of C:\
02/05/2005 12:40a <DIR> _Singernetwork
02/08/2005 03:00p <DIR> AOL Instant Messenger
02/08/2005 03:01p <DIR> aolextras
10/24/2003 12:59a <DIR> Documents and Settings
07/25/2004 04:21a <DIR> INCINERATE
02/08/2005 03:01p <DIR> Install AOL Communicator
02/08/2005 03:00p <DIR> Install ICQ
02/08/2005 03:00p <DIR> Install Winamp
10/10/2005 10:00p <DIR> MSOCache
06/11/2004 08:36p <DIR> MWASPINT
06/23/2004 10:08p <DIR> My Downloads
10/24/2003 01:59a <DIR> My Music
02/02/2006 12:31p <DIR> Program Files
02/04/2005 06:13p <DIR> RECYCLER
10/24/2003 04:45a <DIR> sound
02/04/2005 05:22p <DIR> System Volume Information
02/02/2006 09:59a <DIR> unzipped
02/02/2006 12:31p <DIR> WINNT
02/08/2005 11:32a <DIR> WUTemp
12/22/2005 12:26a <DIR> $VAULT$.AVG
03/25/2005 09:56a 5,399 data
06/20/2003 06:00a 214,432 ntldr
10/24/2003 12:51a 0 AUTOEXEC.BAT
02/02/2006 02:38p 28 list.bat
06/20/2003 06:00a 34,724 NTDETECT.COM
12/16/2004 07:32p 3,925,728 AVG6DB_F.DAT
09/05/2001 09:00p 1,700,352 gdiplus.dll
06/20/2003 06:00a 150,528 arcldr.exe
06/20/2003 06:00a 163,840 arcsetup.exe
02/05/2005 02:11a 285 boot.ini
07/21/2005 05:44a 730 odbcconf.log
10/24/2003 12:51a 0 CONFIG.SYS
10/24/2003 12:51a 0 IO.SYS
10/24/2003 12:51a 0 MSDOS.SYS
02/02/2006 12:19p 188,743,680 pagefile.sys
02/02/2006 02:50p 0 list.txt
16 File(s) 194,939,726 bytes
20 Dir(s) 35,691,454,464 bytes free
I saw those .chm things at C:, and they looked blank, so I deleted them.
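Added example (not part of the original thread): a small Python parser for `dir` output in the format posted above, which picks out the `.chm` files in the C:\ root that shifty was looking for. The sample listing and its two `.chm` file names are constructed for illustration; the function names are hypothetical.

```python
import re

# One entry of cmd.exe `dir` output: date, time, then <DIR> or a byte count, then the name.
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{1,2}:\d{2}[ap])\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)

def parse_dir_listing(text):
    """Return one dict per file or directory line; header and totals lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # "Directory of ...", "N File(s) ...", blank lines
        date, time, size, name = m.groups()
        is_dir = size == "<DIR>"
        entries.append({
            "date": date, "time": time, "name": name, "is_dir": is_dir,
            "size": None if is_dir else int(size.replace(",", "")),
        })
    return entries

def chm_files(entries):
    """Files (not directories) whose name ends in .chm, case-insensitively."""
    return [e for e in entries
            if not e["is_dir"] and e["name"].lower().endswith(".chm")]

# Constructed sample listing; the two .chm names are invented for this example.
SAMPLE = """\
 Directory of C:\\

02/02/2006  12:31p      <DIR>          Program Files
02/02/2006  12:31p      <DIR>          WINNT
06/20/2003  06:00a             214,432 ntldr
02/05/2005  02:11a                 285 boot.ini
01/30/2006  09:14p                   0 qzkxwv.chm
01/30/2006  09:14p                   0 BTRPLM.CHM
               4 File(s)        214,717 bytes
               2 Dir(s)  35,691,454,464 bytes free
"""

if __name__ == "__main__":
    for e in chm_files(parse_dir_listing(SAMPLE)):
        print("unexpected help file in root:", e["name"], e["date"], e["size"])
```
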
shifty 02-02-2006, 06:01 PM I don't see anything else suspicious in there. If those other two scans come up clean (I linked above) I would go ahead with your life and be content. Something must have cleaned off whatever you had at some point.
jimfulco 02-02-2006, 06:30 PM Thanks a bunch. I just got a disc burning program and put all the .doc, .pdf, .txt, & .rtf files on a CD, so maybe it'll wait until tomorrow.
shifty 02-02-2006, 11:21 PM It's up to you :D Those scans should only take a few minutes. Sounds like whatever you had mighta been cleaned up by the other scanners. In my opinion, you can never scan too much ... just make sure you use a reputable scanner. Some websites will trick you with popup windows for "Registry cleaners" and tell you things like "your computer is infected with spyware". These places usually install spyware and trojans on your machine if you click on those things. :(
If you ever want any advice or whatever, don't hesitate to ask, I'll be happy to share anything I know.
jimfulco 02-05-2006, 11:15 PM Thanks again. Everything seems to be OK, so I guess something worked.