
'Win32.netsky Q' keeps popping up on my screen.

Q: 'Win32.netsky Q' keeps popping up on my screen.

Hi all,

As stated in the subject heading, this keeps popping up in a Windows Security box, stating it's a keyboard trojan.

I've searched Google to find out where it could be on my computer, and I can't seem to locate it, thus leaving me thinking it perhaps isn't in my Windows Directory, or my Registry, as yet. Alas, why does this keep popping up? All my security settings have been updated, AVG is not picking anything up, I've also installed a SpyWare App, but this is also not picking anything up.

Could anyone help ? If you ask me to post my Hi-Jack log, please could you tell me where I can locate this script on my Vista OS.

Much appreciated,

Dummy :-)


A: 'Win32.netsky Q' keeps popping up on my screen.

I have also tried this, taken from another thread ..

-----

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
-----

When I double click the BAT File, the Command Window opens, then closes, so I am unable to do anything, and I am running the file as Admin.

:-\

RELEVANCY SCORE 64.4

Hey everyone.

It's been awhile since I've had any big computer problems, but today when I came back to my laptop and tried to un-idle it, it froze up and I had to manually shut down the power. Upon start up, I was met with the blue screen of doom, giving me the error codes (0x00000023, 0x000E0100, 0xF8975FC0, 0xF8975CBC, and 0x83229805).

I was able to load up with the most "recent configuration" option though. Right before the explorer fully loaded, a pop-up notification came up warning me that my computer was infected with "worm.win32.netsky". Whatever malware had infected my computer had changed the wallpaper and made it so that my computer kept suggesting these fraudulent anti-spyware programs.

I tried to use Smitfraudfix and Malwarebyte to get rid of some things, but now I can't boot up regularly at all - only in safe mode. An attempted regular boot up leads to the dead end blue screen, and the most recent configuration leads to a restart. Though the pop-up warning me about the worm has disappeared in safe mode, I cannot check if the other pop-ups and wallpaper are still there because of the blue screen of death.

Nonetheless, there's still some sort of infection going on, because google redirects hits into random pages. But most of all I want to get around the blue screen. (I've ran chk dsk F\ with no results, and tried to start the CD recovery console but it froze)

I managed to uninstall Utorrent, but Alcohol 120% will not be instal...

A:Worm.Win32.Netsky, Google Redirect Virus and Blue Screen of Death

Hi,

Please do the following:

We need to disable the sptd driver or it will interfere with our tools:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer...

RELEVANCY SCORE 60

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

RELEVANCY SCORE 60

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message. When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 59.6

As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\...

RELEVANCY SCORE 58

Hello, I would love it if someone could help with this problem... When I login to windows, a message pops up telling me I have worm.win32.netsky. And once windows loads, windows defender tells me I have win32/fakeinit. I have tried mcafee but to no avail. It does not remove the problem(s). I tried running DDS.scr but the logs never popped up (I waited a long time, too!) But here are the RootRepeal logs as requested. I await your instructions!

A:Worm.win32.netsky and win32/fakeinit

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

RELEVANCY SCORE 56

Would really appreciate some help, since am at wits end. I had IE7 installed on my PC and it started spontaneously shutting down yesterday. It opens up fine, and even navigates to a couple of pages, but then shuts down. I have not been able to figure out if there is a pattern to the kinds of pages that make it shut down (definitely cannot go to Windows Update page).

Here are some new environmental things that have been happening over the last few days:
1. A game called Runescape has been played by a visiting nephew. Said nephew has also watched Loonytunes on my PC
2. I installed Kaspersky AV 6.0 two days ago. My old AV software (Norton) had expired 3 days prior to installation of Kaspersky. When I ran Kaspersky yesterday, it told me that the following things had been discovered and fixed: Exploit.Java.ByteVerify, Trojan-Dropper.Java.Small.c., Win32.NetSky.aa, Trojan-Downloader.Win32.Zlob.cz, Trojan-Downloader.Win32.Zlob.cy, Win32.LovGate.w, Explot.html.mht, Trojan-Dropper.Win32.Mudrop.ao
3. However, Kaspersky ran again last night, and this morning I saw that there were a number of trojans and viruses that needed to be cleaned (mostly the same as the ones above, except Trojan-Spy.HTML.Sunfraud.c and Net-Worm.Win32.Mytob.dn).

Here are some of the things I have done since yesterday, which have made no difference:
1. Rolled back IE7 to IE6
2. Tried a variety of anti-spyware softwares and the only one that turned up something was on Spyware Doctor (PS Guard). However, PS Guard has not ...

A:Exploit.java.byteverify, Trojan-dropper.java.small.c, Win32.netsky.aa, Net-worm.win32.mytob.dn, Etc.

Hello GMS and welcome to the BC HijackThis forum. Let's start with a little cleanup. Please follow the steps below in order.

Step #1
If Norton has expired then go to the Control Panel->Add/Remove Programs and uninstall all Symantec/Norton products. If it has expired then it isn't performing any useful function to still be installed, and running 2 AV's can easily cause file access issues.

Step #2
Download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Now close ALL open windows ...

RELEVANCY SCORE 54.8

ran some virus scans....found some downloaders in some svchosts but can't quite figure out why it won't let me on internet explorer. few other things are acting weird as well. sorry i don't have a better description of the problem, this isn't my computer. please look at the logs and tell me if you see anything...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lucy Northrop at 2008-12-15 16:15:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (17%) free of 38 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:16 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\S...

A:win32.netsky.Q

new info....found mjkdpl.dll, gonna try to get rid of it

edit...

removed
C:\Documents and Settings\Your Name\Application Data\Google\fhexj6825097.exe
C:\Documents and Settings\Your Name\Application Data\Google\mjkdpl.dll

we'll see what happens

any other suggestions are still welcomed!

RELEVANCY SCORE 54.8

Hi

My computer seems to be infected by Win32.Netsky trojan. Every 10 seconds it pops up with a dialog box saying your computer is infected. The only button enabled on the box is enable protection. When I click that IE 7 opens and crashes. Same is the case when I use Google Chrome or any other browser.
Also my outlook crashes.

Please help
Regards
Rachit

Mod's Message

We need more comprehensive logs for the analysis of potential malware. Please follow the instructions in our NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help sticky and provide the logs requested therein.

Thanks..

A:Win32.Netsky

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

RELEVANCY SCORE 54.8

My PC was infected today with the Win32.netsky WORM. I cannot do anything on my PC. I can't access the Registry. I cannot get online. When I boot up it says the pc has been infected. I was getting alerts saying that I had a 'generic fakealert!htm' but that has stopped. I keep getting popups saying that Windows detects something harmful in my pc and to scan with anti-spyware. When I scanned it came up with 10 items but was only able to remove 7 of the 10 items. Please help!! Thanks so much.
I know it is difficult to help as I cannot get online to download anything. Also... I bought a new software Kaspersky antivirus - but when I try to install it - I get an error and it tells me to go online to get a key and I cannot go online. My service provider tried to help me go online but it says something about connectivity and the IP address. She tried many times to change the IP address but it would not change. I have Windows XP.

Thanks again!
 

RELEVANCY SCORE 54.8

Hello everybody. I am infected with this virus and I don't know how to get rid of it. Can somebody please be of assistance to help me conquer my computer back? I have HijackThis and here is a logfile, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:22 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\...

RELEVANCY SCORE 54.8

Very non-computer savvy. You guys helped me some 2 years ago to straighten out an issue I had with Winfixer...this one seems to be in the same vein.
Here are my log file things, per the FAQ, that you all need.
Multiple scans have been done, this thing only shows up when I start a Firefox or IE session....very unstable, and unreliable to start up a session. It keeps directing me to a site to download a spyware program. the site is www.defender-review.com/?a=112
Please help me.

info.txt logfile of random's system information tool 1.04 2008-12-12 21:22:05

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5...

A:Win32.netsky.q

Read some similar threads, downloaded Malwarebytes and ran it.

here is the log.

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

12/12/2008 9:43:37 PM
mbam-log-2008-12-12 (21-43-37).txt

Scan type: Quick Scan
Objects scanned: 61881
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Wade\Application Data\Google\mjkdpl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wade\Application Data\Google\virus.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

RELEVANCY SCORE 54.8

Ran the combofix link on my own and seems to have killed off this nasty invader, if someone can please help further to make sure all has been deleted will post the Log, thank you.

A:win32.netsky

here are dds/gmer Logs

RELEVANCY SCORE 54.8

My friend's computer is infected by some virus which windows called win32.netsky. It makes pop-ups open constantly and asks him to download something to solve the problem. Also it said that there is an internet attack attempt... Its desktop is sometimes changing to red with some biohazard logo. There are also three little explorer files, one called "cleaner" and the two others I do not remember. I saw a post saying to run smitfraud fix. I did it using option two in safe mode. It looked like it worked but it came back the day after. I was just curious also to know what means in the report the saying that some "srch..." file may not inevitably be infected. Thanks for help
 

A:win32.netsky

By the way, I ran all software like adaware and norton and they found nothing. I am now trying with a program from symantec called FixNetsky. Also, When I ran smitfraud, I did not turn off system restore. Could it be why it came back?
thanks again
 

RELEVANCY SCORE 54.8

I have a computer infected with the Win32.Netsky virus. I had been locked out of the system for sometime, but found a way in by replacing the userinit file. Now that I am back into Windows I want to finally rid the computer of this nemesis! I have run the DDS file. The computer started one of its famous shut downs when you try to run any removal programs. I did manage to save the file on my zip drive with 15 seconds left before shut down. Can you please advise what I might be able to do to fix this situation. I have attached the file the DDS program generated. Your help will be greatly appreciated!
Amy

A:Win32.Netsky

Can you also please post the DDS.txt log so we can take a look. Thanks. Re-run DDS if you need to.

RELEVANCY SCORE 54.8

Help...I have been infected with some stupid Malware. Not sure if or when I will get back on.

win32.netsky.q

Picked this up from some normal looking site.

Scanned using AVG free version, Spybot S&D and windows defender, none of them will get rid of it.

I happened to see a post somewhere about a file that this downloaded, I tried to delete it, and it would not let me.

It is one of those malware things that installs something, then makes IE and Firefox think you are infected. Both are very unstable. I can not delete the files that look to be causing this, and I can't get on reliably at all.

Please help me...you did before.

A:Win32.netsky.Q

Hello, welcome, take your time. Run this SAS scan please. I am moving this from XP to the Am I Infected forum also.

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before th...

RELEVANCY SCORE 54.8

Not too sure how this works, but hopefully some can help me out, Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:38 AM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Prog...

A:Win32.netsky?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Stupidkid
My name is Richie and i'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\
Please then reboot your computer into Safe Mode by doing the following:
* Res...

RELEVANCY SCORE 54.8

One of the house's computers was getting a Win32.Netsky.Q security alert. I attempted to fix that myself by deleting a google folder from the C:Document and Setting/Username/application data folder and the Win32.Netsky.Q alerts are gone. The computer is still running very slow. Some websites seem to load but many (including this one) won't load at all. I have used Adaware several times and I have deleted everything it has found. Malwarebytes is installed on the computer but it won't open. The system restore feature does not seem to work and some programs won't install while others will. I attempted to run Kaspersky but the page cannot be displayed on that computer. Thanks for any help.

Below are the logs from RSIT:

Info:
info.txt logfile of random's system information tool 1.04 2008-12-16 18:07:48


A:Tried to fix Win32.Netsky.Q

Hello catbox_9,

Welcome to Bleeping Computer. My name is mas_pogi and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.

You might want to save this page on your bookmark, so you can find it again when you return.
Firefox: Then click on Done.
IExplorer: Then click on Add.

Stay calm and everything will be just alright. I will be analyzing your log. I will get back to you with instructions as soon as possible.

With Regards,
mas_pogi

RELEVANCY SCORE 54.8

I started getting a "Security Center Alert" dialog box today advising me to block the Win32.Netsky.Q software by clicking the "Enable Protection" button. It's actually a fake warning and a scan showed it was not present on my system. There were however two suspicious processes running that I could stop in RAM, but they would start up again after reboot: fhexj6825097.exe and mjkdpl.dll.

After spending many hours trying different methods and software to fix the problem, the only tool that I found that works was Malwarebytes (free version): http://www.malwarebytes.org/

Thanks very much to the developers of Malwarebytes!
 

RELEVANCY SCORE 54.8

I have a trojan virus, the system popped up and stated that some one was trying to infect my machine. Then in another pop up it stated that I have a win32.netsky trojan. I have a HP P4 2.26Ghz with 512MB Ram, win XP Home. I would appreciate some help fixing this. Thanks

A:win32.netsky

Welcome to TSF

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


================================

Please download HJTInstaller.exe Here
Let it Place Hijackthis in C:\Program Files\Trend Micro\Hijackthis
Let it create a Desktop I...
RELEVANCY SCORE 54.8

It has a windows pop up advising of this worm, and to click on this link which prompts me to order this software. I ran Combo Fix, and the log is below.
ComboFix 08-12-12.02 - Andy 2008-12-13 2:39:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.919 [GMT -5:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
RELEVANCY SCORE 54.8

I was getting the Win32.netsky.Q message constantly from Windows Defender yesterday.
The message was saying the virus could detect keyboard information and lead to password detection (somewhere along that line),

and on top of that a generic trojan horse c_abus & abuu & abuc (not too sure on the name),
but after I ran AVG I believe/hope it healed all of it!
But now every time I'm logging onto a site that requires a username and password a BEEPING noise goes off...

I ran AVG a second time and nothing was detected,
but was I supposed to run AVG in safe mode? Not sure if I did this all right.

Just want to make sure it's OK, thanks.

Here's my HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:26 PM, on 12/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

RELEVANCY SCORE 54

This, along with other things, keeps popping up: "security warning!
worm.win32.netsky detected on your machine. this virus is distributed via the internet through email and active-x objects. the worm has its own smtp engine which means it gathers e-mails from your local computers and redistributes itself...
type---virus
system affected windows 2000,nt,me,xp,vista
security risk(0-5): 5
recommendations click yes to remove it from your pc immediately"
The weird thing is that when it pops up on the task bar it shows it as a folder icon... I've never seen a pop-up shown as a folder.
It's really starting to piss me off, it makes my PC so ****ing slow!!!!
And I have the little blinking red x on my task bar thing.

I've tried a whole lot of things like prevx,
regcure,
norton trial (I can't afford Norton),
I've tried spybot,
malware scanner,
a few more things that I can't think of. I don't know, Internet Explorer things keep popping up, I hate I.E.
I use Mozilla.
Umm, system alert warnings keep popping up
saying that my system is infected.
I don't know what to do anymore.
I'm trying my best to get rid of the problem...

I'm using a Compaq Presario, XP, I think it's just regular XP.

Well, if you could help me out that would be wonderful...

Oh, and every time I start my comp there are three new icons on the desktop. They're all tools to remove spyware, malware, etc. I didn't put 'em there, they are just there.

I've had a friend whose comp did the same thing.

I don't remember what he did,
but every time I delete the 3 icons next time ...
RELEVANCY SCORE 54

hi,

My friend's computer has a virus (worm.win32.netsky)! Tried to remove it with McAfee but couldn't! Then I read one of the posts here mentioning HijackThis! So I downloaded it, ran it and here's my log! Could someone please let me know what to do?? Thanks a lot!

more info: he has installed a few programs on the desktop : spyware&malware protection, error cleaner, privacy protector and find spyware remover!.. plus it seems this virus is trying to access the web I guess because IE windows keep popping every time!
Logfile of HijackThis v1.99.1
Scan saved at 6:24:00 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:worm.win32.netsky Help! here's my log!

anyone?
 

RELEVANCY SCORE 54

Hi, in the beginning of January, I got infected by worm.win32.netsky.
My wallpaper got changed and at first I could still use the internet, and then the next day the internet stopped working.
Then I went online and searched for solutions (I ran the malwarebyte and removed the things it listed), and I got rid of the infected wallpaper,
but my computer beeps every day I turn it on now, and the internet does not work, and the PASTE thing doesn't work.
The system restore didn't work.
When I was trying to run the system recovery, it said something like "File\minint\system32\ntkrnlmp.exe could not be loaded. error code 14"
I inserted the Gateway reinstallation CD, but it didn't run at all.
Hopefully you guys can help me, please!
I have the DDS, ATTACH, and the malwarebyte log too but I don't know if I should post them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:22 PM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:worm.win32.netsky? i think

can some one help me please?

RELEVANCY SCORE 54

Something's creeped onto my wife's laptop. It keeps bringing up IE windows for virus programs and spyware alerts and talking about some "worm.win32.netsky" virus.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:02:51 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


A:Worm.win32.netsky bug

RELEVANCY SCORE 54

Hi, my computer got infected yesterday. According to the computer, it said I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help, I need my computer for my work asap! Thanks. - I saw someone else on the forums seems to have the same problem but hasn't appeared to have solved it yet! Please Help!
 

A:worm.win32.netsky HELP please!

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

RELEVANCY SCORE 54

My computer has told me I have this and is trying to download numerous programs that will clean my hard drive and protect me from 3rd parties; I don't trust these sites at all, it seems they came from the virus. I saw I was supposed to post a HijackThis list so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:11 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


A:Worm.Win32.NetSky

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

RELEVANCY SCORE 54

My laptop is telling me that I have this virus on my computer and is continually telling me spyware alerts and things of that nature..
what is the most effective and fast way to rid my computer of this. I have a lot of school work on here and cannot lose any.
 

A:help me!! worm.win32.netsky

Hi and welcome to TSG,

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 54

About 2 months ago, all the contacts on my hotmail account were deleted and I stopped receiving any emails in my hotmail account. Because of the lazy person I am, I ignored this, as I don't really use email.

Then today, whilst using my computer, it froze, then restarted. When it restarted, it reached the Windows XP loading screen with the moving bar in the middle of the screen and after about 3 seconds, the blue screen of death flashed up on the screen and went too quickly for me to read it, then the computer restarted again. The boot screen came up which says that Windows didn't start up properly last time, so I had the choice of running in safe mode etc. Last known good configuration and normal both resulted in the previous blue screen flashing up that I mentioned.

Then I tried it in safe mode and after it loaded mup.sys, below that, it said 'press ESC to cancel. loading SPTD.sys'. I left it and the computer just restarted, but I didn't see the blue screen this time. When I loaded it in safe mode again, I pressed ESC to cancel the loading of SPTD.sys and safe mode booted. It asked if I wanted to use system restore, which I thought would be a good idea, so I pressed 'NO' to activate it and it told me that system restore had been disabled and to contact my system administrator.

Once I'd closed that, a window appeared, telling me that I had Worm.win32.NetSky. I googled this on another computer in the house and looked for ways to remove it, bu...
RELEVANCY SCORE 54

Hi, I downloaded the HJTsetup and have the following log. I know several people have had this problem before. Anyone got a fix yet?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:22 AM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:worm.win32.netsky

Hi, Welcome to TSG!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

 

RELEVANCY SCORE 54

Logfile of HijackThis v1.99.1
Scan saved at 10:09:36 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


A:worm.win32.netsky Help!

Hi and welcome to TSG,

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any...
RELEVANCY SCORE 54

Basically, my brother was on the computer, and now we've been getting pop-ups, and the CPU usage goes straight to 100%.
I've posted the HijackThis logs into the category already, and typing this is really hard because the line thing keeps going back letters.
And pages keep switching on their own to, like, random apps.
This one I just close.
This one is stupid. It runs as IEXPLORER.exe and no matter what I do, it opens an IE page.
I just close this as well.
Any help would be AMAZING.

A:Worm.win32.netsky

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.

RELEVANCY SCORE 54

hi everyone. my computer's been infected. i'm getting a message that tells me i'm infected with worm.win32.netsky. here are the symptoms my computer's exhibiting:
*after windows loads, i get a message that tells me i've been infected with worm.win32.netsky
*my desktop background has been changed to a message telling me "your system is infected"
*my computer has slowed down considerably
*my task manager has been disabled
*the task bar is displayed but nothing on it is clickable including access to the start menu
*i can't access the internet
*i can't load anything from a disc

one more problem - while i wouldn't say i'm computer illiterate, but i do speak computer at a 1st grade level. for example, i had to look up "task bar" just to be sure i was calling it the right thing. just a heads up there. any help would be appreciated.

thanks,
jim

RELEVANCY SCORE 54

I somehow have this virus, worm, or trojan that I can not get rid of. It will not allow me to go to the task monitor, burn files, and it has slowed down my pc dramatically. I get an insane amount of pop up that tell me that my pc is infected and I had better buy their software or I will lose everything. One pop up in particular is from Windows security and it says that I have the "worm.win32.netsky" virus. It pops up every 3 minutes or so. Also every time I open up IE7 I am redirected to some site about cleaning up spyware. I went out and bought McAfee Total Protection but after running it there is no improvement and the same messages appear. So annoying!!! McAfee only picks up about 5 cookies and that is it. I also tried their virus removal tool "stng380". No help. What do I do??? I have a ton of precious pictures that I can not lose. Please help... Here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:17 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal


A:Help please worm.win32.netsky

RELEVANCY SCORE 54

Hello,

Recently my friend turned on her computer to find it ransacked with viruses and malware/adware. I hooked her up with Panda Internet security. So now she has good anti-virus. We just need to eliminate the adware that is still there. One claims she has a worm.win32.netsky.

She has a few items that are also hijacking her browser. As well as a flashing red stopsign with an x that reminds me of the killbox programs icon. It pops up a spyware alert. I am posting this hoping she will be able to come into this and fix her issues. So please explain as best you can as she is not hugely experienced with this kind of thing.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:35 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Soft... Read more

A: worm.win32.netsky

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your syste... Read more

RELEVANCY SCORE 54

I am trying to remove the worm netsky from my system. I downloaded HiJack This and here is the log file. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:21 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program ... Read more

RELEVANCY SCORE 54

I'm getting constant popups... "Windows has detected an Internet attack attempt", "Click here to download spyware remover for total protection" "Security warning Worm.Win32.Netsky has been detected on your machine" "download adremover 2007" etc. IE keeps popping open to the ad remover website. No spyware programs seem to work.

Someone please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:33, on 2007-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_... Read more

A: Worm.win32.netsky Help!1

Hello jiayou,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

Th... Read more

RELEVANCY SCORE 54

My computer was exposed to the Win32.Netsky.Q worm. Since then I have been getting Security Center Alerts asking if this program should be blocked, but does not allow the Keep Blocking or Unblock option to be selected. In addition to this pop up, Firefox has been starting up with a message that says "Insecure Internet activity. Threat of virus attack" and then closing. I then get an error message saying that Firefox crashed.

I have run the Symantec program that is supposed to get rid of this but it couldn't find anything. I then followed the advice of a previous post and ran Malwarebytes software. It found and removed 2 pieces of malware and a second search found none. Since then the Alerts keep appearing but now Firefox does not immediately crash when I start it; when I try and check my mail it still crashes.

Hope you can help. Here is my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:13 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Fi... Read more

A: Problems with Win32.Netsky.Q

After continuing to mess with Malwarebytes I was eventually able to get it to update. It was then able to find and remove the files associated with Win32.Netsky.Q. My computer seems clean now, Thanks to the people who suggested Malwarebytes.
 

RELEVANCY SCORE 54

I think this is a fake trojan that is trying to get me to buy anti-virus software. I already partially removed it once when I was able to run the Task Manager but it has been disabled by the malware again. Malware Bytes will not load (the computer cannot find MBAM.exe). Please help! I have attached the Hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:38 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcs... Read more

A: Worm.Win32.Netsky

Please download The Comedian.exe by Rorschach112 to your desktop

Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..

* Double click the program to run it. It will only take around several minutes to run.
* It will do a series of tasks and tell you when each one is finished.
* You will be prompted to press any key after each step
* When it is done it will close and exit itself automatically.
* You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTS by OldTimer and unzip it to your Desktop..

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

* Close ALL OTHER PROGRAMS.
* Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
* At the top, tick on Scan All Users section
* At File Age set it to 90 Days
* In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
* In the Files Created Within and Files Modified Within section, set it to File Age
* At the bottom, tick on all Safe List and Use Company Name WhiteList option
* Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - Ext
Reg - IE Explorer Bar
Reg - NetSvcs
Reg - Safeboot Minimal
Reg - Safeboot Network
File - Lop Check
File - Purity Sca... Read more

RELEVANCY SCORE 54

Yesterday (3/6/08) the wife asked about some problem while she was playing snood. I noticed a gray window that stated "Security warning! Worm win32.Netsky detected on your machine. This virus is distributed via the internet through e-mails and active-x objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, steal passwords and personal data. This process should be removed from your system

Type: Virus

Systems Affected: Windows 2000, NY,ME, XP, Vista

Security Risk: (0-5): 5

Click yes to remove it from your PC immediately."

I also developed a flashing red stop sign that comes and goes on the task bar that generates the following: "Warning; Windows has detected virus activity. This may impact performance of your computer. Please use recommended antispyware software to protect your system from parasitic programs." This shows up in a balloon above the right hand corner task bar by time/date.


There is also a gray window that pops up usually in the middle of screen that reads as follows: Windows Security Alert Windows has detected an internet attack attempt...Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware. Click here to download spyware remover for total protection. I have n... Read more

A: Win32.Netsky Problem or Not!

I wanted to add a few things I missed last night. I have three icons that will not go away no matter how many times I delete them. They are spyware&Malware Protection, Error Cleaner and Privacy Protector; they all go to the same site


I also forgot to tell you I am running a Dell 4600 with XP SP2.

Andy

RELEVANCY SCORE 54

Hi, I think I am stuck with Worm.Win32.Netsky. Probably was a leftover from SpySheriff (which was removed through smitfraudfix). The scans stopped the aggressive popups but my explorer is still slow and the home page keeps going back to random ads. If you see anything wrong, I would really appreciate it.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:13 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\... Read more

A: Worm.win32.netsky

Hi,

I see you have two Firewalls (Blackice and Sygate) installed and no Antivirus.
More than 1 Firewall installed is a real bad idea, it may cause your system to crash or at least cause a serious system slowdown and connection problems. So I suggest you uninstall one of them.
Also install an Antivirus, because you really need one. How are you supposed to prevent further infections otherwise? By the way, AVG Antispyware is NO Antivirus.
Also, I see you have Microsoft Antispyware installed. This one is real outdated, so uninstall it if still present.
Then reboot. Important.

After reboot,

* Download SDFix and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
* Reboot into Safe Mode (without networking support!)

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix... Read more

RELEVANCY SCORE 54

Got hit with this about 30 mins ago and have seen member JTMC post in other sections about how to get rid of it, but being a bit of a computer novice I really need a step-by-step dummy version of how to get rid of this without having to pay for any malware things. Please help, I need my computer!!
 

A: need help removing win32.netsky.q

forgot to say i got it when tryin to d/l a .rar file

ran a search for FHEXJ6825097 in My Computer (like JTMC said) and in folder C:\WINDOWS\Prefetch was FHEXJ6825097-EXE-1727CD3D.pf and in folder C:\Documentsandsettings\(myusername)\Applicationsdata\Google was FHEXJ6825097.exe with what looked like the windows firewall icon
 

RELEVANCY SCORE 54

Starting last week, my wallpaper got changed and there's a box in the middle saying "Your computer is infected", but I was still able to use the internet, then I downloaded the malwarebyte, and then I restarted the comp,
but it didn't work!!
now every time I start my computer, there'd be a
"SECURITY ALERT!
Worm.Win32.NetSky detected on your computer"
and a beep

I can't open the internet any more so i can't download any more anti spyware stuff.
I tried to do the recovery thing, but then it says something like "ERROR CODE 14"
I tried using another computer to download some anti spyware softwares into a flashdrive, but my infected computer wouldn't load the flashdrive
So then I tried writing those files into a CD and then paste them into the infected computer, and it wouldn't let me paste
I can't open the regedit either
When I did the ctrl+alt+del, it says "the task manager has been disabled by your administrator".

I downloaded the OTLPE.iso thing, but I don't know why the file size isn't what it's supposed to be (292MB), it's 270mb instead.

and then I booted the laptop with that CD, then I clicked the OTLPE icon, it asked me "Do you wish to load the remote registry", i clicked yes

then it says

Browse for Folder
Choose Windows Directory
My Computer
RAMDISK (B)
ReatogoPE (X)
Shared Documents

but when i click them, it'll say "target is not 2000 or later" or "no windows inst... Read more

RELEVANCY SCORE 54

Am experiencing an annoying problem on my ThinkPad running XP Pro SP2. The system hung up while deleting old emails. I unplugged the ethernet cable and tried to close the window without success. Meanwhile a popup appeared warning I had "Worm.WIN32.NetSky." Couldn't access the Start menu or open Task Manager. Had to force a shutdown using the power button.

Started back up in Safe Mode and ran SUPERAntiSpyware which found and vaulted:
"worm.Agobot-WC" (x1)
"SMSS32.EXE" (x3)
While SUPERAntiSpyware was running, a popup purportedly from "IDS Software" warned it had detected "TROJANSPM/LX." I suspect this was fake but in a careless moment closed the popup by clicking "x" in its upper corner.

Now when rebooting, either in Safe Mode or normally, my usual desktop loads briefly and then the Welcome screen comes up. I've never booted to the Welcome screen before. Nor have I ever booted using a password. Clicking the "Administrator" log on icon went briefly to the desktop then back to the Welcome screen. But now only the "User" and not the "Administrator" log on icon appears on the Welcome screen.

Can't get past the Welcome screen except by CTRL-ALT-DEL to shutdown or by a suspicious looking "Turn Off Test" icon at the lower left on the Welcome screen, which brings up a shutdown menu box.

I've tried to make a boot repair using Recovery Console from the XP CD ... Read more

A: Worm.WIN32.NetSky

This topic has been split into its own topic.. including a small bump here. Original was split from this topic in Windows XP Home and Pro. I have pm'd the member with a link to let them know.

RELEVANCY SCORE 54

The description says it all. I get warnings, IE self-starting with offers of free scans, &c, &c.

Any help is appreciated.

Regards,
Doug

Mod Edit: Topic moved to more appropriate forum ~ TMacK

A: Worm.win32.netsky

After an attack by Worm.Win32.Netsky, my mouse no longer behaves in the manner I wish. Checking the folder options, I find the mouse options I usually use have been disabled (see attachment). Any clues?

Regards,
Dorjun Driver

Mod Edit: Topic " Folder Options Conundrum" merged with this topic for continuity purposes. ~ TMacK
