A dangerous email worm deletes data from infected machines on the 3rd of
the Internet as an attachment to infected messages, and also in files
placed on open network resources. It's estimated that hundreds of
thousands computers around the world are infected, and the number of
infected machines is continuing to increase.
Nyxem.e's payload is triggered on the third of every month, when the
worm will destroy data saved on the victim machine. The worm regularly
checks the system time. When the system data is the third of the month,
30 minutes after the victim machine is booted, Nyxem will delete
information from common file formats, replacing data with a meaningless
set of symbols.
there are in excess of 400,000 machines infected at this time.
As is common, different antivirus vendors have their own names for the same infection. Sophos has the most complete list of aliases that I've seen.
What to do:
Eugene Kaspersky's advice:
"All users should avoid launching email attachments that
have not been scanned. They should also update their antivirus databases
and then scan their computers to make sure that their machines are Nyxem
The worm terminates processes connected with security solutions, and
prevents them from being launched. Nyxem.e is also capable of
downloading updates to itself via the Internet.
If you have problems getting your AV solution to run correctly or have other reason to believe you are infected, F-Secure has a special disinfection utility called F-Force--use at your own risk: