Remove Blackworm. Description and removal instructions

 
Title: Blackworm
Also known as: Grew.a, Grew.b, Blackmal.e, Nyxem.e, Mywife.d, Tearec.a, Nyxem.d, CME-24
Type: Worms
Severity scale: 85 / 100
 
Blackworm is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a and CME-24. It is an extremely dangerous and rapidly spreading Internet worm, which propagates by e-mail via messages with infected attachments and through unprotected network shares. The user can accidentally infect a computer by opening a malicious e-mail attachment or running an infected executable file.

Once executed, Blackworm secretly installs itself on the system and runs a spreading routine. The worm uses its own mail engine to send bogus letters to all the addresses it finds in local text and spreadsheet documents, presentations, databases and other similar files. It also creates infected files in unprotected network shares located in the same network or domain. Blackworm e-mail messages can have the following subjects and the following bodies:

The parasite's payload is large and destructive. Blackworm terminates active security-related processes and prevents installed antivirus software from running on every system startup. It also deletes essential executables and library files related to popular antiviruses, other security-related programs and some file sharing applications. All this corrupts installed software and compromises system security. On the third day of every month, Blackworm destroys all text documents (.doc, .pdf), spreadsheets (.xls), presentations (.ppt, .pps), databases (.mdb, .mde), archives (.rar, .zip), images (.psd) and memory dumps (.dmp) it finds in the compromised system. This may lead to catastrophic data losses.

Blackworm automatically runs on every Windows startup.


Blackworm properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Blackworm manual removal:

Kill processes:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ScanRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView=0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath=0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\096EFC40-6ABF-11CF-850C-08002B30345D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\190B7910-992A-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\2C49F800-C2DD-11CF-9AD6-0080C7E7B78D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4250E830-6AC2-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\4D553650-6ABE-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\556C75F1-EFBC-11CF-B9F3-00A0247033C4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\57CBF9E0-6AA7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\5F54E750-CE26-11CF-8E43-00A0C911005A
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\6FB38640-6AC7-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\72E67120-5959-11CF-91F6-C2863C385E30
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\78E1BDD1-9941-11CF-9756-00AA00C00908
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\7C35CA30-D112-11CF-8E72-00A0C90F26F8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\899B3E80-6AC6-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\9E799BF1-8817-11CF-958F-0020AFC28C3B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\B1EFCCF0-6AC1-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\BC96F860-9928-11CF-8AFA-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\DC4D7920-6AC8-11CF-8ADB-00AA00C00905
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\E32E2733-1BC5-11D0-B8C3-00A0C90DCA10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Licenses\F4FC596D-DFFE-11CF-9551-00AA00A3DC45
Delete files:
movies.exe, new winzip file.exe, rundll16.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, zipped files.exe, [X].exe, sample.zip
Misc:
[X] is a random filename.

Exact file location:
rundll16.exe - C:\Windows or C:\Winnt
new winzip file.exe, scanregw.exe, update.exe, winzip.exe, winzip_tmp.exe, sample.zip - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
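
A read-only check for the indicators listed above, as an added PowerShell example that is not part of the original page: it reports listed file names found in the listed directories, running processes with those names, and the ScanRegistry Run value, and it deletes nothing. Names such as update.exe and winzip.exe are common, so a match by name alone should be verified before anything is removed; the random [X].exe cannot be matched by name.

```powershell
# Read-only check for the Blackworm indicators listed on this page.
# The script only reports; it does not kill processes or delete anything.

# File names from the "Delete files" list ([X].exe is random and is not covered).
$names = 'movies.exe', 'new winzip file.exe', 'rundll16.exe', 'scanregw.exe',
         'update.exe', 'winzip.exe', 'winzip_tmp.exe', 'zipped files.exe', 'sample.zip'

# Directories from "Exact file location".
$dirs = 'C:\Windows', 'C:\Winnt', 'C:\Windows\System',
        'C:\Windows\System32', 'C:\Winnt\System32'

# Get-Process reports image names without the .exe extension.
$procNames = $names | Where-Object { $_ -like '*.exe' } |
    ForEach-Object { $_ -replace '\.exe$', '' }

$findings = @(
    # 1. Files with a listed name in a listed directory.
    foreach ($dir in $dirs) {
        foreach ($name in $names) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                [pscustomobject]@{ Kind = 'File'; Detail = $path }
            }
        }
    }

    # 2. Running processes whose name matches a listed executable.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $procNames -contains $_.ProcessName } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Process'; Detail = "$($_.ProcessName) (PID $($_.Id))" }
        }

    # 3. The ScanRegistry autostart value under the HKLM Run key.
    $run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $val = (Get-ItemProperty -Path $run -Name 'ScanRegistry' -ErrorAction SilentlyContinue).ScanRegistry
    if ($val) { [pscustomobject]@{ Kind = 'RunValue'; Detail = "ScanRegistry = $val" } }
)

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { 'No listed Blackworm indicators found.' }
```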

Information added: 30/01/06
Information updated: 13/04/09

Comments from visitors:


1. by . 2009-04-13 13:04:45
Help me and my Best friend found a black and green worm Help!!!!

2. by . 2009-04-13 13:04:15
What is a black and green worm called?

3. by Guest. 2007-10-18 07:10:19
If I used a portable backup, would the blackworm virus have infected the data on this unit?

4. by Guest. 2006-03-04 03:03:25
It is very useful!

5. by Guest. 2006-02-19 07:02:35
I woke up today and everything was gone on my computer that was personal to me (word docs, favorites etc., etc) most programs were still there, most desktop shortcuts gone. I do not know if my computer was attached for my personal information and wiped out in the process, if a virus like Kamasutra hit or if the computer crashed (never having done so before, a Dell with Windows 2000nt). I need to recover the data if possible. I have McAfee updated and had not opened any strange files. Yesterday I received 268 emails as responses to something I sent but actually did not send. I received messages that the computer was running out of virtual memory which I increased to the max. I checked my users of the computer and found asp.net there which I did not recall and I removed it. Now when I try to download a virus tool I get the message internet explorer was not able to open this internet site and I cannot download anything. Any idea what is going on? I cannot download fix tools because the activex file is disabled, I enable it and the download fails because it is somehow switched back to disabled.
r2006x@yahoo.com thanks

6. by Guest. 2006-02-16 19:02:54
If you already have an antivirus software package installed but installed it after you were infected, how do you then delete it?

