
'Win32.netsky Q' keeps popping up on my screen.

Q: 'Win32.netsky Q' keeps popping up on my screen.

Hi all,

As stated in the subject heading, this keeps popping up in a Windows Security box, stating it's a keyboard trojan.

I've searched Google to find out where it could be on my computer, and I can't seem to locate it, thus leaving me thinking it perhaps isn't in my Windows Directory, or my Registry, as yet. Alas, why does this keep popping up? All my security settings have been updated, AVG is not picking anything up, I've also installed a SpyWare App, but this is also not picking anything up.

Could anyone help? If you ask me to post my Hi-Jack log, please could you tell me where I can locate this script on my Vista OS.

Much appreciated,

Dummy :-)


A: 'Win32.netsky Q' keeps popping up on my screen.

I have also tried this, taken from another thread ..

-----

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
-----

When I double click the BAT File, the Command Window opens, then closes, so I am unable to do anything, and I am running the file as Admin.

:-\

RELEVANCY SCORE 64

Hey everyone.

It's been awhile since I've had any big computer problems, but today when I came back to my laptop and tried to un-idle it, it froze up and I had to manually shut down the power. Upon start up, I was met with the blue screen of doom, giving me the error codes (0x00000023, 0x000E0100, 0xF8975FC0, 0xF8975CBC, and 0x83229805).

I was able to load up with the most "recent configuration" option though. Right before the explorer fully loaded, a pop-up notification came up warning me that my computer was infected with "worm.win32.netsky". Whatever malware had infected my computer had changed the wallpaper and made it so that my computer kept suggesting these fraudulent anti-spyware programs.

I tried to use Smitfraudfix and Malwarebyte to get rid of some things, but now I can't boot up regularly at all - only in safe mode. An attempted regular boot up leads to the dead end blue screen, and the most recent configuration leads to a restart. Though the pop-up warning me about the worm has disappeared in safe mode, I cannot check if the other pop-ups and wallpaper are still there because of the blue screen of death.

Nonetheless, there's still some sort of infection going on, because Google redirects hits into random pages. But most of all I want to get around the blue screen. (I've run chk dsk F\ with no results, and tried to start the CD recovery console but it froze.)

I managed to uninstall Utorrent, but Alcohol 120% will not be instal...

A:Worm.Win32.Netsky, Google Redirect Virus and Blue Screen of Death

Hi,

Please do the following:

We need to disable the sptd driver or it will interfere with our tools:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer...

RELEVANCY SCORE 60

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

RELEVANCY SCORE 60

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 59.6

As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\...

RELEVANCY SCORE 58

Hello, I would love it if someone could help with this problem... When I login to windows, a message pops up telling me I have worm.win32.netsky. And once windows loads, windows defender tells me I have win32/fakeinit. I have tried mcafee but to no avail. It does not remove the problem(s). I tried running DDS.scr but the logs never popped up (I waited a long time, too!) But here are the RootRepeal logs as requested. I await your instructions!

A:Worm.win32.netsky and win32/fakeinit

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

RELEVANCY SCORE 56

Would really appreciate some help, since am at wits end. I had IE7 installed on my PC and it started spontaneously shutting down yesterday. It opens up fine, and even navigates to a couple of pages, but then shuts down. I have not been able to figure out if there is a pattern to the kinds of pages that make it shut down (definitely cannot go to Windows Update page).

Here are some new environmental things that have been happening over the last few days:
1. A game called Runescape has been played by a visiting nephew. Said nephew has also watched Loonytunes on my PC
2. I installed Kaspersky AV 6.0 two days ago. My old AV software (Norton) had expired 3 days prior to installation of Kaspersky. When I ran Kaspersky yesterday, it told me that the following things had been discovered and fixed: Exploit.Java.ByteVerify, Trojan-Dropper.Java.Small.c., Win32.NetSky.aa, Trojan-Downloader.Win32.Zlob.cz, Trojan-Downloader.Win32.Zlob.cy, Win32.LovGate.w, Explot.html.mht, Trojan-Dropper.Win32.Mudrop.ao
3. However, Kaspersky ran again last night, and this morning I saw that there were a number of trojans and viruses that needed to be cleaned (mostly the same as the ones above, except Trojan-Spy.HTML.Sunfraud.c and Net-Worm.Win32.Mytob.dn).

Here are some of the things I have done since yesterday, which have made no difference:
1. Rolled back IE7 to IE6
2. Tried a variety of anti-spyware softwares and the only one that turned up something was on Spyware Doctor (PS Guard). However, PS Guard has not ...

A:Exploit.java.byteverify, Trojan-dropper.java.small.c, Win32.netsky.aa, Net-worm.win32.mytob.dn, Etc.

Hello GMS and welcome to the BC HijackThis forum. Let's start with a little cleanup. Please follow the steps below in order.

Step #1
If Norton has expired then go to the Control Panel->Add/Remove Programs and uninstall all Symantec/Norton products. If it has expired then it isn't performing any useful function to still be installed, and running 2 AV's can easily cause file access issues.

Step #2
Download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Now close ALL open windows ...

RELEVANCY SCORE 54.8

ran some virus scans....found some downloaders in some svchosts but can't quite figure out why it won't let me on internet explorer. few other things are acting weird as well. sorry i don't have a better description of the problem, this isn't my computer. please look at the logs and tell me if you see anything...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lucy Northrop at 2008-12-15 16:15:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:16 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\S...

A:win32.netsky.Q

new info....found mjkdpl.dll, gonna try to get rid of it

edit...

removed
C:\Documents and Settings\Your Name\Application Data\Google\fhexj6825097.exe
C:\Documents and Settings\Your Name\Application Data\Google\mjkdpl.dll

we'll see what happens

any other suggestions are still welcomed!

RELEVANCY SCORE 54.8

I have a computer infected with the Win32.Netsky virus. I had been locked out of the system for sometime, but found a way in by replacing the userinit file. Now that I am back into Windows I want to finally rid the computer of this nemesis! I have run the DDS file. The computer started one of its famous shut downs when you try to run any removal programs. I did manage to save the file on my zip drive with 15 seconds left before shut down. Can you please advise what I might be able to do to fix this situation. I have attached the file the DDS program generated. Your help will be greatly appreciated!

Amy

A:Win32.Netsky

Can you also please post the DDS.txt log so we can take a look. Thanks. Re-run DDS if you need to.

RELEVANCY SCORE 54.8

My PC was infected today with the Win32.netsky WORM. I cannot do anything on my PC. I can't access the Registry. I cannot get online. When I boot up it says the pc has been infected. I was getting alerts saying that I had a 'generic fakealert!htm' but that has stopped. I keep getting popups saying that Windows detects something harmful in my pc and to scan with anti-spyware. When I scanned it came up with 10 items but was only able to remove 7 of the 10 items. Please help!! Thanks so much.
I know it is difficult to help as I cannot get online to download anything. Also... I bought a new software Kaspersky antivirus - but when I try to install it - I get an error and it tells me to go online to get a key and I cannot go online. My service provider tried to help me go online but it says something about connectivity and the IP address. She tried many times to change the IP address but it would not change. I have Windows XP.

Thanks again!
 

RELEVANCY SCORE 54.8

I was getting the Win32.netsky.Q message constantly from windows defender yesterday
the message was saying the virus could detect keyboard information and lead to password detection (somewhere along that line)

and on top of that a generic trojan horse c_abus & abuu & abuc (not too sure on the name)
but after i ran AVG i believe/hope healed all of it!
but now every time i'm logging onto a site that requires username and password a BEEPING noise goes off...

i ran AVG a second time and nothing was detected
but was i supposed to run AVG in safe mode? not sure if i did this all right

just want to make sure it's ok thanks

here's my hijack this scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:26 PM, on 12/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iT...

RELEVANCY SCORE 54.8

Help...I have been infected with some stupid Malware. Not sure if or when I will get back on.

win32.netsky.q

Picked this up from some normal looking site.

Scanned using AVG free version, Spybot S&D and windows defender, none of them will get rid of it.

I happened to see a post somewhere about a file that this downloaded, I tried to delete it, and it would not let me.

It is one of those malware things that installs something, then makes IE and Firefox think you are infected. Both are very unstable. I can not delete the files that look to be causing this, and I can't get on reliably at all.

Please help me...you did before.

A:Win32.netsky.Q

Hello welcome, take your time. Run this SAS scan please. I am moving this from XP to the Am I Infected forum also.

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before th...

RELEVANCY SCORE 54.8

One of the house's computers was getting a Win32.Netsky.Q security alert. I attempted to fix that myself by deleting a google folder from the C:Document and Setting/Username/application data folder and the Win32.Netsky.Q alerts are gone. The computer is still running very slow. Some websites seem to load but many (including this one) won't load at all. I have used Adaware several times and I have deleted everything it has found. Malwarebytes is installed on the computer but it won't open. The system restore feature does not seem to work and some programs won't install while others will. I attempted to run Kaspersky but the page cannot be displayed on that computer. Thanks for any help.

Below are the logs from RSIT:

Info:
info.txt logfile of random's system information tool 1.04 2008-12-16 18:07:48

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDl...

A:Tried to fix Win32.Netsky.Q

Hello catbox_9,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your Malware problem.

As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!
Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.
You might want to save this page on your bookmark, so you can find it again when you return.
Firefox: Then click on Done.
IExplorer: Then click on Add.

Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions as soon as possible.

With Regards,
mas_pogi

RELEVANCY SCORE 54.8

Not too sure how this works, but hopefully someone can help me out, Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:38 AM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Prog...

A:Win32.netsky?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Stupidkid

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Res...

RELEVANCY SCORE 54.8

Hi

My computer seems to be infected by Win32.Netsky trojan. Every 10 seconds it pops up with a dialog box saying your computer is infected. The only button enabled on the box is enable protection. When I click that IE 7 opens and crashes. Same is the case when I use Google Chrome or any other browser.
Also my outlook crashes.

Please help
Regards
Rachit

Mod's Message

We need more comprehensive logs for the analysis of potential malware. Please follow the instructions in our NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help sticky and provide the logs requested therein.

Thanks..

A:Win32.Netsky

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

RELEVANCY SCORE 54.8

My friend's computer is infected by some virus which windows called win32.netsky. It makes pop-ups open constantly and asks him to download something to solve the problem. Also it said that there is an internet attack attempt... Its desktop is sometimes changing to red with some biohazard logo. There are also three little explorer files, one called "cleaner" and the two others I do not remember. I saw a post saying to run smitfraud fix. I did it using option two in safe mode. It looked like it worked but it came back the day after. I was just curious also to know what means in the report the saying that some "srch..." file may not inevitably be infected. Thanks for help
 

A:win32.netsky

By the way, I ran all software like adaware and norton and they found nothing. I am now trying with a program from symantec called FixNetsky. Also, When I ran smitfraud, I did not turn off system restore. Could it be why it came back?
thanks again
 

RELEVANCY SCORE 54.8

I started getting a "Security Center Alert" dialog box today advising me to block the Win32.Netsky.Q software by clicking the "Enable Protection" button. It's actually a fake warning and a scan showed it was not present on my system. There were however two suspicious processes running that I could stop in RAM, but they would start up again after reboot: fhexj6825097.exe and mjkdpl.dll.

After spending many hours trying different methods and software to fix the problem, the only tool that I found that works was Malwarebytes (free version): http://www.malwarebytes.org/

Thanks very much to the developers of Malwarebytes!
 

RELEVANCY SCORE 54.8

Very non-computer savvy. You guys helped me some 2 years ago to straighten out an issue I had with Winfixer...this one seems to be in the same vein.

Here are my log file things, per the FAQ, that you all need.

Multiple scans have been done, this thing only shows up when I start a Firefox or IE session....very unstable, and unreliable to start up a session. It keeps directing me to a site to download a spyware program. the site is www.defender-review.com/?a=112

Please help me.

info.txt logfile of random's system information tool 1.04 2008-12-12 21:22:05

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5... Read more

A:Win32.netsky.q

Read some similar threads, downloaded Malwarebytes and ran it.

here is the log.

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

12/12/2008 9:43:37 PM
mbam-log-2008-12-12 (21-43-37).txt

Scan type: Quick Scan
Objects scanned: 61881
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Wade\Application Data\Google\mjkdpl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wade\Application Data\Google\virus.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

RELEVANCY SCORE 54.8

Ran the combofix link on my own and seems to have killed off this nasty invader, if someone can please help further to make sure all has been deleted will post the Log, thank you.

A:win32.netsky

here are dds/gmer Logs

RELEVANCY SCORE 54.8

Hello everybody. I am infected with this virus and I don't know how to get rid of it. Can somebody please be of assistance to help me conquer my computer back? I have HijackThis and here is a logfile, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:22 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\... Read more

RELEVANCY SCORE 54.8

I have a trojan virus, the system popped up and stated that someone was trying to infect my machine. Then in another pop up it stated that I have a win32.netsky trojan. I have a HP P4 2.26Ghz with 512MB Ram, win XP Home. I would appreciate some help fixing this. Thanks

A:win32.netsky

Welcome to TSF

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


================================

Please download HJTInstaller.exe Here
Let it Place Hijackthis in C:\Program Files\Trend Micro\Hijackthis
Let it create a Desktop I... Read more

RELEVANCY SCORE 54.8

It has a windows pop up advising of this worm, and to click on this link which prompts me to order this software. I ran Combo Fix, and the log is below.
ComboFix 08-12-12.02 - Andy 2008-12-13 2:39:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.919 [GMT -5:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\ff_vfw.dll
c:\windows\system32\xvidcore.dll
c:\windows\system32\xvidvfw.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-13 01:48 . 2008-12-13 01:48 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-12 22:58 . 2008-12-12 23:02 <DIR> d-------- c:\windows\$regcmp$
2008-12-12 19:12 . 2008-12-12 19:12 49,152 --a------ c:\documents and settings\Andy\Application Data\upd.exe
2008-12-06 20:50 . 2008-12-06 20:51 <DIR> d-------- c:\program files\Zune
2008-11-25 23:03 . 2008-11-25 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2008-11-25 23:03 . 2008-11-25 ... Read more

RELEVANCY SCORE 54

Hello. I have a Dell XPS 400. It is infected with the win32.netsky virus. I have installed several anti-virus software (avg,spyware terminator,ccleaner) only to get a message that they were installed wrong or they are infected. I'm getting pop-ups from Internet Security 2010. I am able to load in safe mode and safe mode with networking. PLEASE HELP Thank You

Here the HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:09 PM, on 1/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft... Read more

A:Win32.netsky virus

I have a dell xps 400. It is infected with the win32.netsky virus. I can log into safe mode and safe mode with networking. I have installed several anti virus programs that do not work please help me thank you
 

RELEVANCY SCORE 54

I am working on a computer for a friend and it seems to have a virus called "Worm.Win32.Netsky". It is Dell Dimension 5150 running Windows XP Service Pack 3. It has basically disabled all these things:

Task Manager
When I try to open the Task Manager it states "Task Manager has been disabled by your administrator". I tried using a program called "procexp" to see what was running but was not able to tell anything from it.

Safe Mode
Trying to boot in Safe Mode hitting F5 just re-boots me to the same screen

Internet
Web browser loads but will not display any pages

HijackThis results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:51, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\... Read more

A:worm.win32.netsky

Hi,

* Please download Malwarebytes' Anti-Malware from Here
* Place the installer on your desktop. Rename the installer to firefox.exe or winlogon.exe or explorer.exe
* Then launch the renamed installer in order to install Malwarebytes.
* Once Malwarebytes is installed and it won't run, navigate to the Program Files\Malwarebytes' anti-malware folder and locate the mbam.exe file in there. Rename it as well to firefox.exe or winlogon.exe or explorer.exe.
* Launch the renamed mbam.exe in order to run Malwarebytes.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
* Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Do NOT post the log yet, but allow mbam to reboot.
* After reboot, immediately rescan with m... Read more

RELEVANCY SCORE 54

My daughter's computer has been infected with the worm win32.netsky. She was getting a lot of popups and her background was replaced with an error message. We tried to run ad-aware and spybot and the avast free version, deleting the files they found. The McAfee that was on her computer was out of date so after replacing it with the Avast and restarting the desktop would not show at all. It's currently in safe mode with networking. I also ran the Stinger in safe mode, which found an Artemis trojan that is now deleted. I was browsing on here before posting and tried the Comedian to no avail, I was going to try another step that was recommended to someone else but figured it best to post the report before doing anything else. Thank you in advance for your help. I tried to start the Malwarebytes program but it will not run, also the avast is now disabled.

This is the first time I have run HijackThis so please forgive any errors on my part, these are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:36 PM, on 2/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavas... Read more

A:Worm Win32.netsky

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%&#... Read more

RELEVANCY SCORE 54

I was getting a message to say I was infected with worm.win32.netsky so I searched the web for help and found this one. Already there was an article about someone facing the same trouble and also with the response of help. In that help I clicked the link to download software that will remove the virus and for over 40 minutes no message saying my computer is infected.
If there is anything I should do now to avoid worm.win32.netsky or trojans please let me know. Many thanks.

Here's the Report Log from the scanner I downloaded from your web page:
SDFix: Version 1.124

Run by bishop climate on 08/01/2008 at 23:05

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\bishop climate\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\bishop climate\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\bishop climate\Favorites\Spyware&Malware Protection.url - Deleted
C:\DOCUME~1\BISHOP~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\ampkfst.dll - Deleted
C:\WINDOWS\bklgvsf.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ensfolr.dll - Deleted
C:\WINDOWS\foxflpd.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\NTSpool.e... Read more

RELEVANCY SCORE 54

hi everyone. my computer's been infected. i'm getting a message that tells me i'm infected with worm.win32.netsky. here are the symptoms my computer's exhibiting:
*after windows loads, i get a message that tells me i've been infected with worm.win32.netsky
*my desktop background has been changed to a message telling me "your system is infected"
*my computer has slowed down considerably
*my task manager has been disabled
*the task bar is displayed but nothing on it is clickable including access to the start menu
*i can't access the internet
*i can't load anything from a disc

one more problem - while i wouldn't say i'm computer illiterate, but i do speak computer at a 1st grade level. for example, i had to look up "task bar" just to be sure i was calling it the right thing. just a heads up there. any help would be appreciated.

thanks,
jim

RELEVANCY SCORE 54

About 2 months ago, all the contacts on my hotmail account were deleted and I stopped receiving any emails in my hotmail account. Because of the lazy person I am, I ignored this, as I don't really use email.

Then today, whilst using my computer, it froze, then restarted. When it restarted, it reached the windows XP loading screen with the moving bar in the middle of the screen and after about 3 seconds, the blue screen of death flashed up on the screen and went too quickly for me to read it, then the computer restarted again. The boot screen came up which says that windows didn't start up properly last time, so I had the choice of running in safe mode etc. Last known good configuration and normal, both resulted in the previous blue screen flashing up, that I mentioned.

Then I tried it in safe mode and after it loaded mup.sys, below that, it said 'press ESC to cancel. loading SPTD.sys'. I left it and the computer just restarted, but I didn't see the blue screen this time. When I loaded it in safe mode again, I pressed ESC to cancel the loading of SPTD.sys and safe mode booted. It asked if I wanted to use system restore, which I thought would be a good idea, so I pressed 'NO' to activate it and it told me that system restore had been disabled and to contact my system administrator.

Once I'd closed that, a window appeared, telling me that I had Worm.win32.NetSky. I googled this on another computer in the house and looked for ways to remove it, bu... Read more

RELEVANCY SCORE 54

Pardon me if I'm not doing this correctly but this is my first time using HijackThis and posting a log. If I'm missing anything please quickly ask me what I need to include.
A few days ago I let my friend use my laptop but unfortunately I left him alone and he was surfing the web freely. After a day later I noticed something happening with my computer. While doing nothing on my laptop I suddenly get this windows firewall popup telling me that unauthorized activity has been detected and that unfortunately it cannot help me remove it.
Name: Win32.Netsky.Q
Risk Level: High
Description: This trojan has a keyboard logging function, which is intended to steal information from users of a range of online payment systems.

There are two options, one is grayed out not letting me click on it which is "keep blocking", the other option is "protect" which i can click on.
Clicking on protect will send me to a website here:

http://www.defender-review.com/?a=111

Although before u go there even i'm not sure if that site is safe or not but just look up the following keyword on google.com: safe soft

As i was typing this the popup showed up all of a sudden. This also always happen when i boot up the laptop after everything finishes loading for 2 minutes.
This is a dual core processor 2.0ghz. I am currently using Windows Vista. 32-bit operating system.
Oh and in advance if i need to, can you please tell me how to go to safe mode on vista? Thank you.
Here is t... Read more

A:Trouble with: win32.netsky.q

Oh n/m, i think i might have solved it. I went to research this a lil bit and malwarebyte couldn't find it even after 2 hours of waiting.
I finally came up with this solution on this site:
http://answers.yahoo.com/question/index?qid=20081213122329AAhMo2x

Look at the last answer where the person asks you to reboot in safe mode and delete files using regedit. It followed same procedure except my computer does have the this "fhexj" thing. Everything else was followed.
I rebooted my computer and FINALLY no more of that annoying windows firewall pop up every 15mins. Thank god!
For other people infected with this, please follow the directions from that link.
I hope this doesn't come back up again as it doesn't seem to be currently. Thanks anyway for people who tried to help me.
 

RELEVANCY SCORE 54

Here is the log from after doing the scan and running the fix.

Getting a lot of "virus neutralized" messages from Panda as well as "Adware detected."

Thanks

[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ddkret not found.
File C:\WINNT\ddkret.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nopctrl not found.
File C:\WINNT\nopctrl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F675EED8-4A4B-4A11-801B-08297749B83D} not found.
File C:\WINNT\oprevnpx.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINNT\bonsws.dll not found!
File C:\WINNT\ddkret.dll not found!
File C:\WINNT\nopctrl.dll not found!
File C:\WINNT\oprevnpx.dll not found!
File C:\WINNT\sawkip.exe not found!
[Empty Temp Folders]
C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 11/20/2007 14:29:40
 

RELEVANCY SCORE 54

I'm getting constant popups... "Windows has detected an Internet attack attempt", "Click here to download spyware remover for total protection" "Security warning Worm.Win32.Netsky has been detected on your machine" "download adremover 2007" etc. IE keeps popping open to the ad remover website. No spyware programs seem to work.

Someone please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:33, on 2007-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_... Read more

A:Worm.win32.netsky Help!1

Hello jiayou,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

Th... Read more

RELEVANCY SCORE 54

On a HP tc4400 tablet pc running MS XP, have encountered the worm.win32.netsky virus by indication of the "spyware alert"/ security warning. Have run hijack and norton internet security with little or no impact on the popups and the overtaking of my desktop screen with bogus file. Can u help?
 

RELEVANCY SCORE 54

below is my latest hjt log--apparently my machine is still infected.

any help is appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:06:29 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Pr... Read more

A:HJT Log worm.win32.netsky

...it's not like there's been anything better to do for the last 12 hours than watch this worm/virus/malware/whatever play hell with TSG-recommended AV or spyware...

Well, there's always a first time for everything, and this is the first time you folks came up empty...

A Donating Member
 

RELEVANCY SCORE 54

hi guys love your site! you already helped me twice before through your site as a guest. now i'm asking as a member, i have a virus malware or something! Please help!

I'm not super computer savvy but i can do some things.
i cleaned up my laptop and my friends laptop using malwarebytes
now on my moms comp i cannot by any means download or run the software
i even tried putting it on a disk and running from the disk, no use.
then i tried vundofix, nothing.
worm.win32.netsky is what keeps popping up
and another that says trojanspm/lx
i unplugged the internet from the infected comp and im using my laptop
yesterday, i saw my regular screen. tonight, its a green screen that says "your system is infected!"
like i said before, im only skilled to a point. im afraid to ruin the comp. what should i do? im super frustrated and need help asap!!!!!
help please!

A:worm.win32.netsky....

Hello and thank you.. I am moving this from Vista to Am I Infected.

Let's try this.. Run RKill then immediately run MBAM..post that log.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

You will need to run the application again if rebooting the computer occurs along the way.

RELEVANCY SCORE 54

Please help me get this off my pc, pop-ups keep popping up to tell me Worm.Win32.NetSky has been detected on my machine. Also my home page keeps redirecting to:
http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

I read on other forums to get a log file from hijackthis. here is what I have. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:10 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony... Read more

A:Help with Worm.Win32.NetSky

Can Anybody Help Me
 

RELEVANCY SCORE 54

I was looking at a video and it said it needed an active x codec installed to work. It was fake. It installed a worm.

Did anyone get this too. It has a bio hazard symbol that it displays on the background of my computer instead of my standard xp background. It then says your privacy is in danger below it. It then has tons of pop ups trying to get me different products that are for removing spyware, cleaning the pc, etc.

Windows security alert says "windows has detected an internet attact attempt Somebody's trying to infect your PzC with spyware or harmful viruses. Run Full system scan now to protect your pc from Internet attacts, hijacking attempts and spyware! Click here to download spyware remover for total protection."

I get another message from security alerts that says I have worm.win32.netsky

Here is my Hijack This log file

Logfile of HijackThis v1.99.1
Scan saved at 1:52:16 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photos...

RELEVANCY SCORE 54

My computer has the typical pop-ups, etc, as discussed in the other netsky threads. Here is my log. When I ran DSS, it would not create an extra.txt file. Thank you for your help.

Deckard's System Scanner v20071014.68
Run by Greg Mooradian on 2008-01-30 23:10:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Greg Mooradian.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:57 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\C...

A:Worm.win32.netsky

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cl...

RELEVANCY SCORE 54

hey i was here a couple months with a virus kinda the same, and I'm back again with another one i can't get rid of, windows says its worm.win32.NetSky it gives me pops every 2 minutes saying to download crap, i have no idea how i got it because i didn't download anything for a while, probably my step dad.
i searched on forums for a quick fix to this but it doesn't look very simple, so I'll just post my hijack this log and I'm currently scanning with SUPERantispyware so I'll post up what it says when its done.

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mc...

A:worm.win32.NetSky

RELEVANCY SCORE 54

Hi, my computer got infected yesterday. According to the computer, I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help, I need my computer for my work asap! Thanks. - I saw someone else on the forums seems to have the same problem but hasn't appeared to have solved it yet! Please Help!

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:04 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program File...

A:worm.win32.netsky

RELEVANCY SCORE 54

Hi Guys!

I started my laptop the other day to be greeted by a message saying:
Security Warning!
Worm.Win32.Netsky detected on your machine.
This virus is distributed via the Internet through email and Active-x
objects.
The worm has its own smtp engine which means it gathers
emails from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.


My wallpaper has changed to bright green with a black box saying:
YOUR SYSTEM IS INFECTED!
System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware is removed."


I googled it and found these instructions to remove it: :removed
but when I boot to safe mode and run SmitfraudFix I get a message saying: Application cannot be executed. The file is infected. Please activate your antivirus software.


I really don't know what to do now. Any help would be very much appreciated!

A:Worm.Win32.Netsky

That's a pretty dated fix you're trying to follow. More likely, the machine is infected with a newish rogue. Security Essentials 2010, Internet Security 2010, or similar.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the ma...

RELEVANCY SCORE 54

You all have probably heard of this one, right? Well I have an unusual problem here. It's the same stuff with the Bio Hazard symbol background and the fake Windows alerts and all. I have succeeded in removing it several times, however I always get this Trojan.Zlob attack every 10-15 minutes afterwards. After a couple of hours of Norton blocking this Trojan, Worm.win32.Netsky comes back at full strength. I was wondering if anyone here can help me out?

Here is my SmitFraudFix Report:

SmitFraudFix v2.254

Scan done at 16:27:23.34, Mon 26/11/2007
Run from C:\Documents and Settings\cling08\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
...

A:Worm.win32.NetSky

Hi, Welcome to TSG!!

Smitfraud fix has been updated. Please delete the version you have and download (save) it again from here
SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

RELEVANCY SCORE 54

My computer has told me I have this and is trying to download numerous programs that will clean my harddrive and protect me from 3rd parties; I don't trust these sites at all, it seems they came from the virus. I saw I was supposed to post a HiJack This list so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:11 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.e...

A:Worm.Win32.NetSky

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

RELEVANCY SCORE 54

Every time I turn on my computer there is a pop-up screen that informs me that I have been infected with worm.win32.netsky.
That's not the only thing, the desktop icons along with the start menu don't appear, they are missing, and I cannot enter task manager except when I enter safe mode; there I can access the internet along with my desktop with the help of windows explorer. Fortunately I am able to use the internet to get help and fix my computer (vista ultimate).

I don't know what to do, please help

A:Worm.Win32.netsky HELP

Hi and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

RELEVANCY SCORE 54

I praise myself for not getting any viruses and having my machines clean for the past 10 years or so (I see myself as an IT geek :) but viruses and technology are advancing faster than I can keep up with)... until yesterday, this is my 2nd virus, first one was back in 1996:) As I was browsing the Net I can only assume a website must have installed something without my consent and I got the system warning about Win32.Netsky.Q, same as the photo. I obviously didn't think and clicked protect... I can only assume this was the virus in disguise. Straight away SpyBot told me a new registry was trying to get added something to do with windpipe of course I clicked decline and AVG told me something about Netsky found and it cleaned it but a MSN popup box appeared asking me to log into MSN, kept cancelling and about 10 seconds later my system Shut Down, I got a warning from Word stating that I had to save my file which I didn't... and lost my work but never mind that. On Reboot I was warned by SpyBot that this program was trying to access my Registry, the culprit was in a folder called Google inside my Documents and Settings under Application Data, I've used Unlocker to delete the files as they were in use and thought that's that since the Google folder was now gone... but nooo, upon Reboot I was asked again about a registry editing with windpipe so of course I declined and looked into the registry and deleted the record, also as soon as I connect to the NET I get the MSN login ...

A:Win32.Netsky.Q or other Virus

Anyone shed any light on this issue?

RELEVANCY SCORE 54

I downloaded DDS and GMER as instructed and transferred them to the desktop of the PC that is showing the Worm.Win32.NetSky pop-up.

When I double click the DDS icon I get a cannot run window.
Second time I ran it, a blank black window opens with nothing visible.
Similar to a command window - but without anything except the blinking cursor.

When I run GMER, the initial window opened as shown in the initial tutorial. As soon as I try to deselect sections, the box goes black. After 12 minutes and several pop-ups from my current viruses, the desktop is blank. I tried to run GMER again and other than the initial busy cursor, nothing happens. Then the virus pop-ups return.

Not sure what to do next.

A:Worm.Win32.NetSky

Hello and welcome to TSF.

You might want to use the following tool to help allow the programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER and post their logs in a new thread, as this one shall be closed to place it back in the queue.

RELEVANCY SCORE 54

My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other (which is why I can't include all the file stuff). Everything was fine till a little while ago, some webpages were coming up red and saying I was infected or whatever so I closed everything off. I was installing my new virus program (figured it was a good time with the weird stuff on the webpages) and I had to reboot but when I did everything was messed up. I get several error messages, one being the long one saying that I'm infected with Worm.Win32.Netsky and need to get spyware removal. But my start tool bar never comes up and not long after that I get a message saying it's restarting because of RPC or something and a count down then everything goes off. I tried to access Task Manager and it said it was disabled so tried do some RUN: then going to registry or anything trying to and that also did not work. I tried safe boot but it shows all the text scrolling for a bit and then just restarts... A lot of posts I've run into talk of downloading things and this and that but I can't even access anything. I'm not a computer expert and really need some help. Is there any way to go delete something without loading up windows?

A:Worm.Win32.Netsky

Can i add to my post? *Wanted to mention that I can access the recovery console
