Severity scale  
  (85/100)

Blackworm. How to Remove? (Uninstall Guide)

removal by - -   Also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Mywife.d, Tearec.a, Nyxem.d, CME-24 | Type: Worms
12
Blackworm is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a and CME-24. It is an extremely dangerous and rapidly spreading Internet worm, which propagates by e-mail via messages with infected attachments and through unprotected network shares. The user can accidentally infect a computer by opening a malicious e-mail attachment or running an infected executable file.
For quick fix please download removal software

Once executed, Blackworm secretly installs itself to the system and runs a spreading routine. The worm uses own mail engine to send bogus letters to all the addresses it finds in local text and spreadsheet documents, presentations, databases and other similar files. It also creates infected files in unprotected network shares located in the same network or domain. Blackworm e-mail messages can have the following subjects and the following bodies:
click to see examples

The parasite's payload is large and destructive. Blackworm terminates active security-related processes, prevents installed antivirus software from running on every system startup. It also deletes essential executables and library files related to popular antiviruses and other security-related programs and some file sharing applications. All this corrupts installed software and compromises system security. On the third day of every month, Blackwork destroys all text documents (.doc, .pdf), spreadsheets (.xls), presentations (.ppt, .pps), databases (.mdb, .mde), archives (.rar, .zip), images (.psd) and memory dumps (.dmp) it finds in the compromised system. This may lead to catastrophic data losses.

Blackworm automatically runs on every Windows startup. Blackworm properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Blackworm. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Blackworm. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2009-04-13 13:04)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2009-04-13 13:04)
Hitman Pro
Webroot SecureAnywhere AntiVirus

Blackworm manual removal

Kill processes:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ScanRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath=0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\096EFC40-6ABF-11CF-850C-08002B30345D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\190B7910-992A-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\2C49F800-C2DD-11CF-9AD6-0080C7E7B78D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4250E830-6AC2-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4D553650-6ABE-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\556C75F1-EFBC-11CF-B9F3-00A0247033C4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\57CBF9E0-6AA7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\5F54E750-CE26-11CF-8E43-00A0C911005A
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\6FB38640-6AC7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\72E67120-5959-11CF-91F6-C2863C385E30
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\78E1BDD1-9941-11CF-9756-00AA00C00908
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\7C35CA30-D112-11CF-8E72-00A0C90F26F8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\899B3E80-6AC6-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\9E799BF1-8817-11CF-958F-0020AFC28C3B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\B1EFCCF0-6AC1-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\BC96F860-9928-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\DC4D7920-6AC8-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\E32E2733-1BC5-11D0-B8C3-00A0C90DCA10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\F4FC596D-DFFE-11CF-9551-00AA00A3DC45
Delete files:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe, sample.zip
Misc:
[X] is a random filename.

Exact file location:
rundll16.exe - C:\Windows or C:\Winnt
new winzip file.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, sample.zip - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Geolocation of Blackworm

Map reveals the prevalence of Blackworm. Countries and regions that have been affected the most are: United States.

Information updated:

Comments on Blackworm

0
0
<Guest>
Help me and my Best friend found a black and green worm Help!!!!
0
0
<Guest>
What is a black and green worm called?
0
0
Guest
IF I used a portable backup, would the blackworm virus have infected the data on this unit?
0
0
Guest
It is very usefull !
0
0
Guest
I woke up today and everything was gone on my computer that was personal to me (word docs, favorites etc., etc) most programs were still there, most desktop shortcuts gone. I do not know if my computer was attached for my personal information and wiped out in the process, if a virus like Kamasutra hit or if the computer crashed (never having done so before, a Dell with Windows 2000nt). I need to recover the data if possible. I have Mcafee updated and had not opened any strange files. Yesterday I received 268 emails as responses to something I sent but actually did not send. I received messages that the computer was running out of virtual memmory which I increased to the max. I checked my users of the computer and found asp.net there which I did not recall and I removed it. Now when I try to download a virus tool I get the message internet explorer was not able to open this internet site and I cannot download anything. Any idea what is going on ? I cannot download fix tools because the activex file is disabled, I enable it and the download fails because it is somehow swtiched back to disabled.
r2006x@yahoo.com thanks
0
0
Guest
If you already have a antiVirus Software package installed but installed it after you were infected, how do you then delete it??

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)