W32.Blackmal.B@mm - Category 2 level threat

W32.Blackmal.B@mm is a minor variant of W32.Blackmal@mm. The two differ only in the size of the worm, some possible viral file names, and email subjects and messages that the worm creates. The major viral behaviors of both variants are identical.

This threat is written in the Microsoft Visual Basic language and is compressed with UPX.

Also Known As:  W32/MyWife.a@MM [McAfee], I-Worm.Nyxem [Kaspersky], W32/Nyxem-A [Sophos], WORM_BLUEWORM.A [Trend] 
Variants:  W32.Blackmal@mm 
Type:  Worm 
Infection Length:  79,409 Bytes 
Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP 
Systems Not Affected:  DOS, Linux, Macintosh, OS/2, UNIX

Symantec

Published Sun, Apr 4 2004 16:31 by donna

Comments

Sunday, June 20, 2004 1:34 AM by donna

# re: W32.Blackmal.B@mm - Category 2 level threat

I cannot get rid of this worm. I have deleted all the DLLs it creates, but the file media.temp.mpeg keeps on triggering once in, say, 10 minutes. I am not able to find the source of the file trigger. The registry entries have also been deleted.
Please help me ASAP.

Sunday, June 20, 2004 1:53 AM by donna

# re: W32.Blackmal.B@mm - Category 2 level threat

Hi sameer,

Have you tried using the W32.Blackmal.B@mm removal tool created by Symantec? It's located at http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.b@mm.removal.tool.html

Symantec noted the following in using the removal tool:

The fixtool needs to be run within about 1.5 minutes of the worm's execution. If it is not, the worm will lock the keyboard and mouse.

If this happens, restart the computer and immediately run the tool. This applies only in the case of stand-alone systems. The behavior has not been tested for the remote deployment of tools.

If you are running Windows Me or Windows XP, it is recommended to disable System Restore.

Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.


Sunday, June 20, 2004 2:00 AM by donna

# re: W32.Blackmal.B@mm - Category 2 level threat

Sameer,

If Symantec's W32.Blackmal.B@mm removal tool can't get rid of this worm, try running the removal tool in Safe Mode, or manually end the processes prior to running the removal by opening Task Manager > Process tab.

Friday, January 20, 2006 11:18 PM by Gautham

# re: W32.Blackmal.B@mm - Category 2 level threat

Please can anyone tell me where I can download the W32.Blackmal.B@mm Removal Tool? I have checked Symantec but I am not able to download from this link: http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.b@mm.removal.tool.html
Can anybody help me ......