It blocks the computer and deletes files and entries in the Windows Registry belonging to several antivirus programs. It attempts to search and end processes belonging to antivirus and computer security programs.

Windows 2003/XP/2000/NT/ME/98/95

Mywife.D is a worm that spreads via e-mail in a message with variable characteristics.

A few seconds after it is executed, Mywife.D blocks the computer, as it uses all the processor time available.

Mywife.D deletes the files belonging to several antivirus programs, if they are installed in the same directories as the ones specified in the worm's code. It also deletes the entries in the Windows Registry belonging to these antivirus programs, so these applications will not be run automatically the next time Windows is started.

In addition, Mywife.D also deletes the entries belonging to other worms, such as Mydoom.A, Mimail.T and several variants of Bagle.

Mywife.D attempts to search and end the processes belonging to antivirus and computer security programs. This would leave the affected computer vulnerable to the attack of other malware.

Mywife.D is easy to recognize, as it reaches the computer in a message with the following characteristics:

• Subject: any of the following:
  Sinfonma n: 9 de Beethoven Scherzo
  Historias nuevas Highway Blues
• Message:
  see the attached
• Attachments: it is variable. It will have any of the following names, and a TGZ or ZIP extension:
  SINFONMA N: 9 DE BEETHOVEN SCHERZO
  HISTORIAS NUEVAS HIGHWAY BLUES
  It will also attach the file LIFE.JPG, which contains a pornographic image.

In addition, Mywife.D carries out the actions below once it has affected the computer:

• It launches the application Windows Media Player whenever it is executed.
• It blocks the computer a few seconds after it is executed.