Antivirus firms are warning of a destructive Windows worm that will begin wiping files on infected PCs this Friday. 'Nyxem.e' has been spreading via infected emails and network shares.

On the third of each month the worm will activate 30 minutes after the computer is booted up and overwrite all files with the extensions DOC, XLS, MDB, MDE, PPT, PPS, ZIP, RAR, PDF, PSD and DMP. Corrupted files contain the text 'DATA Error [47 0F 94 93 F4 F5]'.

The emails containing the malware use a variety of social engineering hooks to get the recipient to activate the worm, predominantly of a sexual nature.

Email headers include 'School girl fantasies gone bad' and 'Fwd: Crazy illegal Sex!', while the attachment, a 95KB PE EXE file written in Visual Basic, is usually labelled 'photo.pif' or 'word_document.uu'.

"This worm is not new but it continues to spread and has a damaging payload. We want to urge all computer users to update their antivirus protection before the first trigger date on 3 February," said David Emm, senior technology consultant at Kaspersky Labs UK.

Nyxem.e also tries to deactivate antivirus software and can disable the mouse and keyboard of infected machines to make it harder to delete.

The worm was first discovered on 16 January and has been variously named Blackworm, MyWife, Kama Sutra, Grew and CME-24.