
Worm.win32.netsky Detected On Your Machine

Q: Worm.win32.netsky Detected On Your Machine

Hello, I'm new on this forum and as you can see instantly I have a problem. Yesterday I started getting pop-ups which said this:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and this

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection

Also my task manager was blocked and I had to do the following

Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Windows XP is my OS and I'm using Zone Alarm Pro.

This is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:40, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} - C:\WINDOWS\dmdvpnslp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: emotigt - {54BECB1C-D4EA-47B2-9B56-C6768144FDD5} - C:\WINDOWS\emotigt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E901FCDC-AB4E-4183-B659-B9CD57218D07}: NameServer = 80.65.162.101 217.199.128.11
O21 - SSODL: bdmanager - {553F089D-C14A-4463-AEA5-CEE7E908B449} - C:\WINDOWS\bdmanager.dll
O21 - SSODL: admgcx - {FC017DD0-5163-4CEB-9876-D0EDD1F0D289} - C:\WINDOWS\admgcx.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Korisnik/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--End of file - 5480 bytes


A: Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!

RELEVANCY SCORE 123.2

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ...

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following .....

RELEVANCY SCORE 123.2

Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

After I restarted the computer and turned it back on, I come to this problem of only seeing my cursor on my desktop with a black screen and could not do anything except Ctrl+Alt Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after I upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer I received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if I could find a solution and found this tech support forum on google and saw someone had the same PROBLEM as me.

Only way I was able to get online from my computer is if I signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very appreciative. Hope you had a HAPPY NEW YEAR and HOLIDAY!!...

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2


RELEVANCY SCORE 123.2

Hello new to this forum

Recently purchased a new HP laptop and have recently encountered a pretty big problem

It started when computer seemed to be running fairly slow especially for a brand new computer. Then internet google searches started taking me to random websites only allowing me to go to websites by directly putting the link in the address bar. I have a Norton free trial for a couple months but received a McAfee antivirus as a gift so uninstalled Norton and installed McAfee. Well I had a problem once McAfee was installed. I thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So tried to uninstall and reinstall and during this process during a restart of the computer I received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. So clicked ok on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. This is where my story ends. I am stuck here and if I can get some help to resolve this problem it would be greatly appreciated thank you

Thank You

RELEVANCY SCORE 100.4

Here is what happens:

I turn on the computer (my brother's) everything is fine - shows Welcome screen. Before anything (icons or desktop) shows a pop-up appears that says the following:

Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, VISTA, 7
security risk: 5
recommendations: It is necessary to perform full system scan.

Only after I click "ok" or close the popup will the desktop, icons, and programs load.

As the programs are loading during startup - Window Security Center Opens, also some AntivirusLive performing some sort of "scan"

I was going to try to start this method:
http://www.bleepingcomputer.com/forums/ind...3&hl=netsky

I downloaded the programs on my computer (this one) saved the programs on a flash drive, then moved them to the infected computer's desktop but when I tried to open the ATF Cleaner a pop-up says:

Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?

Started it on safe mode to try t...

A:Worm.Win32.Netsky detected

well im still here if anyone is interested in helping...

RELEVANCY SCORE 98.4

My computer noted that I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background changed to a red and black image saying that my privacy is in danger. I loaded spyware doctor and it continues to give me pop ups saying "Spyware Doctor blocked an application regsvr32.exe attempting to access a file. Path c:\windows\popnetdpt.dll Threat adware.agent.bn"
The following is my Hijack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:05 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice...

A:worm.win32.netsky detected. Hijack this log included.

RELEVANCY SCORE 82

ok well I was JUST infected with this worm? I guess, and it gives me the same pop-up over and over "spyware alert" and some other ones
it tells me 2 download some software
but I haven't nor will I
so someone please help me !
 

A:HELP ASAP Worm.Win32.netsky i have that worm please help me remove it

RELEVANCY SCORE 81.2

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

RELEVANCY SCORE 81.2

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 80.8

As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\...

RELEVANCY SCORE 78.8

Been having constant pop ups of various "infected" statements. I run Sophos Anti Virus which is really good but seems these have slipped through. I run adaware every now and then as well. Being a little tech savvy I tried the normal things I have done in the past. I have followed the thread about what to do in these circumstances and done the 5 steps.

Below is the log after dss.exe

Not sure what else I can do as I know these things are present. The online Pandasoftware search found several issues but was only able to fix one.


Deckard's System Scanner v20071014.68
Run by Brett on 2007-12-20 17:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-12-20 07:24:57 UTC - RP675 - Deckard's System Scanner Restore Point
71: 2007-12-20 02:16:36 UTC - RP674 - System Checkpoint
70: 2007-12-17 05:05:29 UTC - RP673 - Installed Sophos Anti-Virus
69: 2007-12-17 05:03:13 UTC - RP672 - Removed Sophos Anti-Virus
68: 2007-12-13 14:08:06 UTC - RP671 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 09:34:52 UTC - RP604 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone --------------------------...

A:Constant pop ups - Windows has Detected... worm.w32.netsky....

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no...

RELEVANCY SCORE 78.8

Starting last week, my wallpaper got changed and there's a box in the middle saying "Your comuter is infected", but I was still able to use the internet, then I downloaded the malwarebyte, and then I restarted the comp,
but it didn't work!!
Now every time I start my computer, there'd be a
"SECURITY ALERT!
Worm.Win32.NetSky detected on your computer"
and a beep

I can't open the internet any more so I can't download any more anti spyware stuff.
I tried to do the recovery thing, but then it says something like "ERROR CODE 14"
I tried using another computer to download some anti spyware softwares into a flashdrive, but my infected computer wouldn't load the flashdrive
So then I tried writing those files into a CD and then paste them into the infected computer, and it wouldn't let me paste
I can't open the regedit either
When I did the ctrl+alt+del, it says "the task manager has been disabled by your administrator".

I downloaded the OTLPE.iso thing, but I don't know why the file size isn't what it's supposed to be (292MB), it's 270mb instead.

and then I booted the laptop with that CD, then I clicked the OTLPE icon, it asked me "Do you wish to load the remote registry", I clicked yes

then it says

Browse for Folder
Choose Windows Directory
My Computer
RAMDISK (B)
ReatogoPE (X)
Shared Documents

but when I click them, it'll say "target is not 2000 or later" or "no windows inst...

RELEVANCY SCORE 78.8

Hello,

I'm posting here asking for help with a problem the laptop has been having recently. For the past 2 weeks or so internet explorer has randomly popped up while I am browsing (my browser is Firefox) but I never paid it any mind. Then earlier today someone else was using the laptop and noticed that the desktop had changed itself to "Your computer is infected" and that I must run a spy ware scan immediately. I ran two and got rid of a few trojans/viruses but not this one. Whenever I reboot the computer it notifies me that it is the worm.win32.netsky it is infected with but offers no help in removing it. Starting up in safe mode was of no aid as the trojan/virus was still present. I can not run the dds as the virus will not allow me to, and I can't ctrl alt del. Here are my logs:

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:37 AM, on 12/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system...

A:Worm.Win32.NetSky

Problem solved - thanks.

RELEVANCY SCORE 78.8

About 2 months ago, all the contacts on my hotmail account were deleted and I stopped receiving any emails in my hotmail account. Because of the lazy person I am, I ignored this, as I don't really use email.

Then today, whilst using my computer, it froze, then restarted. When it restarted, it reached the windows XP loading screen with the moving bar in the middle of the screen and after about 3 seconds, the blue screen of death flashed up on the screen and went too quickly for me to read it, then the computer restarted again. The boot screen came up which says that windows didn't start up properly last time, so I had the choice of running in safe mode etc. Last know good configuration and normal, both resulted in the previous blue screen flashing up, that I mentioned.

Then I tried it in safe mode and after it loaded mup.sys, below that, it said 'press ESC to cancel. loading SPTD.sys'. I left it and the computer just restarted, but I didn't see the blue screen this time. When I loaded it in safe mode again, I pressed ESC to cancel the loading of SPTD.sys and safe mode booted. It asked if I wanted to use system restore, which I thought would be a good idea, so I pressed 'NO' to activate it and it told me that system restore had been disabled and to contact my system administrator.

Once I'd closed that, a window appeared, telling me that I had Worm.win32.NetSky. I googled this on another computer in the house and looked for ways to remove it, bu...

RELEVANCY SCORE 78.8

Hi:

My machine is having a problem. It is not allowing me to restore my machine to back date and also not allowing any updates. Please help if possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:49 PM, on 11/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Se...

A:Worm.win32.netsky

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I would be happy to make a donation to your website if you could help.
I have downloaded hijack and ran it on my computer, is this what you need? What should i do next? Thank you very much for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:07 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.ex...

A:Worm.Win32.netsky, what next?


Hi. Can someone please direct me to instructions and software on this site for removing worm.win32.netsky. I did a search and couldn't find it.

My wife called me at work and said she gets the worm.win32.netsky message when booting up. I am doing this search on a different computer (work). I'll try messing with the infected computer when I get home in a few hours.

I had a lot of luck last summer beating another Malware virus through this site. I was hoping to get lucky again.

Thanks

A:worm.win32.netsky

Hello and welcome.. I am moving this from XP to the Am I Infected forum.

Follow the Automated Removal Instructions for Internet Security 2010 in this guide. Use all the steps.
Remove Internet Security 2010 (Uninstall Guide)

Post the Malwarebytes log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Hi,
My computer has recently been infected with the worm.win32.netsky. It has disabled the firewall, internet explorer and system restore. Have run McAfee antivirus, adaware and spybot but still not got rid of it. I have also run spy doctor and smit something. Can anyone help.


Hello,

Recently my friend turned on her computer to find it ransacked with viruses and malware/adware. I hooked her up with Panda Internet security. So now she has good anti-virus. We just need to eliminate the adware that is still there. One claims she has a worm.win32.netsky.

She has a few items that are also hijacking her browser. As well as a flashing red stopsign with an x that reminds me of the killbox programs icon. It pops up a spyware alert. I am posting this hoping she will be able to come into this and fix her issues. So please explain as best you can as she is not hugely experienced with this kind of thing.

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:35 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Soft...

A:worm.win32.netsky

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your syste...


hi guys love your site! you already helped me twice before through your site as a guest. now i'm asking as a member, i have a virus malware or something! Please help!
I'm not super computer savvy but i can do some things.
i cleaned up my laptop and my friends laptop using malwarebytes
now on my moms comp i cannot by any means download or run the software
i even tried putting it on a disk and running from the disk, no use.
then i tried vundofix, nothing.
worm.win32.netsky is what keeps popping up
and another that says trojanspm/lx
i unplugged the internet from the infected comp and im using my laptop
yesterday, i saw my regular screen. tonight, its a green screen that says "your system is infected!"
like i said before, im only skilled to a point. im afraid to ruin the comp. what should i do? im super frustrated and need help asap!!!!!
help please!

A:worm.win32.netsky....

Hello and thank you.. I am moving this from Vista to Am I Infected.

Let's try this.. Run RKill then immediately run MBAM..post that log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

You will need to run the application again if rebooting the computer occurs along the way.


Hello, I just got infected with this thing last night and i'm having trouble getting rid of it. It won't let me connect to the internet, or the task manager, Even in safe mode! I had to boot off an Ubuntu disk in order to even connect to the internet, thats how im doing this right now. I have HJT and MBAM installed but since i cant connect to the internet, i have no way of posting the logs. Plleeeeeeeeaaaaase help me!!!!
 

A:Worm.Win32.NetSky?!?


Hi, in the beginning of January, I got infected by worm.win32.netsky
my wallpaper got changed and at first I could still use the internet, and then the next day the internet stopped working
then I went online and searched for solutions (I ran the malwarebyte and removed the things it listed), and I got rid of the infected wallpaper
but my computer beeps everyday I turn it on now, and the internet does not work, and the PASTE thing doesn't work.
The system restore didn't work.
When I was trying to run the system recovery, it said something like "File\minint\system32\ntkrnlmp.exe could not be loaded. error code 14"
I inserted the Gateway reinstallation CD, but it didn't run at all.
Hopefully you guys can help me, please!
I have the DDS, ATTACH, and the malwarebyte log too but I don't know if I should post them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:22 PM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Kaspersky L...

A:worm.win32.netsky? i think

can some one help me please?


hi everyone. my computer's been infected. i'm getting a message that tells me i'm infected with worm.win32.netsky. here are the symptoms my computer's exhibiting:
*after windows loads, i get a message that tells me i've been infected with worm.win32.netsky
*my desktop background has been changed to a message telling me "your system is infected"
*my computer has slowed down considerably
*my task manager has been disabled
*the task bar is displayed but nothing on it is clickable including access to the start menu
*i can't access the internet
*i can't load anything from a disc

one more problem - while i wouldn't say i'm computer illiterate, but i do speak computer at a 1st grade level. for example, i had to look up "task bar" just to be sure i was calling it the right thing. just a heads up there. any help would be appreciated.

thanks,
jim


I have a computer problem now..ever since I clicked on a link for a pic i wanted to see, something has hijacked my computer. I get popups telling me that i have a virus or that something is trying to hack my computer. Other popups tell me to download specific software to help remove viruses. My homepage has been changed, i change it back to yahoo and it reverts to: http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2 . I can't use my ctl alt and delete keys..it says that the task manager has been disabled by the administrator . I am the admin on my computer and I didn't disable anything..

here is one of the things I get:

windows has detected an Internet Attack attempt..somebodys trying to infect your pc with spyware or harmful viruses.Run full system scan now to protect your PC from Internet attacks,hijacking attempts ans spyware! Clik here to download spyware remover for total protection.

I click on cancel because I don't want to download anything I don't know about or who it came from..It then proceeds to open a new webpage, which i close asap.

I also get a a popup "Spyware Alert" saying that Worm.Win32.NetSky is detected on my machine. I don't even know where this alert comes from?

I also have 3 new icons on my desktop..

Error cleaner,
http://viruswebprotect.com/shandler.php?sid=502&said=7&aid=668&pn=5&sg=1
Spyware and malwar protection

http://viruswebprotect.com/shandler.php?sid=502&said=7&aid=668&pn=...


My daughters computer has been infected with the worm win32.netsky. She was getting a lot of popups and her background was replaced with an error message. We tried to run ad-aware and spybot and the avast free version, deleting the files they found. The McAfee that was on her computer was out of date so after replacing it with the Avast and restarting the desktop would not show at all, Its currently in safe mode with networking. I also ran the Stinger in safe mode, which found an Artemis trojan that is now deleted. I was browsing on here before posting and tried the Comedian to no avail, I was going to try another step that was recommended to someone else but figured it best to post the report before doing anything else. Thank you in advance for your help. I tried to start the Malwarebytes program but it will not run, also the avast is now disabled

This is the first time I have run HijackThis so please forgive any errors on my part, these are the results;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:36 PM, on 2/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavas...

A:Worm Win32.netsky

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%&#...


hey i was here a couple months with a virus kinda the same, and im back again with another one i can't get rid of, windows says its worm.win32.NetSky it gives me pops every 2 minutes saying to download crap, i have no idea how i got it because i didn't download anything for a while, probably my step dad.
i searched on forums for a quick fix to this but it doesn't look very simple, so ill just post my hijack this log and im currently scanning with SUPERantispyware so ill post up what it says when its done.

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mc...

A:worm.win32.NetSky


I am working on a computer for a friend and it seems to have a virus called "Worm.Win32.Netsky". It is Dell Dimension 5150 running Windows XP Service Pack 3. It has basically disabled all these things:

Task Manager
When I try to open the Task Manager it states "Task Manager has been disabled by your administrator". I tried using a program called "procexp" to see what was running but was not able to tell anything from it.

Safe Mode
Trying to boot in Safe Mode hitting F5 just re-boots me to the same screen

Internet
Web browser loads but will not display any pages

HijackThis results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:51, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\...

A:worm.win32.netsky

Hi,

* Please download Malwarebytes' Anti-Malware from Here
Place the installer on your desktop. Rename the installer to firefox.exe or winlogon.exe or explorer.exe
Then launch the renamed installer in order to install Malwarebytes.
Once Malwarebytes is installed and it won't run, navigate to the Program Files\Malwarebytes' anti-malware folder and locate the mbam.exe file in there. Rename it as well to firefox.exe or winlogon.exe or explorer.exe.
Launch the renamed mbam.exe in order to run Malwarebytes.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Do NOT post the log yet, but allow mbam to reboot.
After reboot, immediately rescan with m...


I think this is a fake trojan that is trying to get me to buy anti-virus software. I already partially removed it once when I was able to run the Task Manager but it has been disabled by the malware again. Malware Bytes will not load (the computer cannot find MBAM.exe). Please help! I have attached the Hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:38 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcs...

A:Worm.Win32.Netsky

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTS by OldTimer and unzip it to your Desktop..
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
At the top, tick on Scan All Users section
At File Age set it to 90 Days
In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
In the Files Created Within and Files Modified Within section, set it to File Age
At the bottom, tick on all Safe List and Use Company Name WhiteList option
Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - Ext
Reg - IE Explorer Bar
Reg - NetSvcs
Reg - Safeboot Minimal
Reg - Safeboot Network
File - Lop Check
File - Purity Sca...


Hi my computer got infected yesterday. According to the computer is said i was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help i need my computer for my work asap! Thanks. - I saw someone else on the forums seems to have the same problem but hasnt appeared to solved it yet! Please Help!
 

A:worm.win32.netsky HELP please!

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 


hi,

My friend's computer has a virus (worm.win32.netsky)! tried to remove it with mcafee but couldn't! then i read one of the post here mentioning hijackthis! so i downloaded it, ran it and here's my log! could someone please let me know what to do?? thanks a lot!

more info: he has installed a few programs on the desktop : spyware&malware protection, error cleaner, privacy protector and find spyware remover!.. plus it seems this virus is trying to access the web I guess because IE windows keep popping every time!
Logfile of HijackThis v1.99.1
Scan saved at 6:24:00 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEB...

A:worm.win32.netsky Help! here's my log!

anyone?
 


Hi, it seems i've got this virus like others on here, please can someone help me.

Im getting pop ups taking me to

http://securepccleaner.com
http://scanner.adwareremover2007.com
http://directnameservice.com
http://pcsecuresystem.com

plus the screen went red yesterday with a privacy warning

this is my hi jack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:04, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C...


I have a Dell Dimension 3000 running Windows XP I purchased in 2005(?). I used to get to the screen that told me it was "Worm.Win32.Netsky". Now when I turn it on, it boots to the Internet Security 2010 screen just like I read in previous posts. But I cannot do the install of "RKRILL" or anything else. The task manager is shut off as well. I can only hit the F2 and F12 keys at start up. I called Dell support like I did before for my HP. I wanted them to send the operating system install CDs. Hp sent me them to uninstall and the reinstall. Worked great. Dell did not send those. I received a couple driver CDs and a Windows Xp service pack 2 Cd and a tool system software Cd and a Resource Cd. I cannot do anything with these. I have very limited computer knowledge, so if someone does reply with help, please talk so I can follow without making you irritated with my Q's. Please help!

I AM SORRY TO SAY THAT I PAID DELL SUPPORT TO WIPE MY OPERATING SYSTEM AND RELOAD WINDOWS. I LOVE ALL THE INFORMATION ON THIS SITE AND WILL CONTINUE TO LEARN FROM YOU ALL. BUT AS OF NOW, YOU CAN REMOVE MY REQUEST SO YOU CAN HELP OTHERS MORE QUICKLY. THANK YOU.

A:WORM.WIN32.NETSKY

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


You all have probably heard of this one, right? Well I have an unusual problem here. Its the same stuff with the Bio Hazard symbol background and the fake Windows alerts and all. I have succeeded in removing it several times, however I always get this Trojan.Zlob attack every 10-15 minutes afterwards. After a couple of Hours of Norton Blocking this Trojan, Worm.win32.Netsky comes back at full strength. I was wondering if anyone here can help me out?

Here is my SmitFraudFix Report:

SmitFraudFix v2.254

Scan done at 16:27:23.34, Mon 26/11/2007
Run from C:\Documents and Settings\cling08\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
...

A:Worm.win32.NetSky

Hi, Welcome to TSG!!

Smitfraud fix has been updated. Please delete the version you have and download (save) it again from here
SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 


below is my latest hjt log--apparently my machine is still infected.

any help is appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:06:29 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Pr...

A:HJT Log worm.win32.netsky

...it's not like there's been anything better to do for the last 12 hours than watch this worm/virus/malware/whatever play hell with TSG-recommended AV or spyware...

Well, there's always a first time for everything, and this is the first time you folks came up empty...

A Donating Member
 

RELEVANCY SCORE 78.8

Please help me get this off my pc, pop-ups keep popping up to tell me Worm.Win32.NetSky has been detected on my machine. Also my home page keeps redirecting to:
http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

I read on other forums to get a log file from hijackthis. here is what I have. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:10 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony...

A:Help with Worm.Win32.NetSky

Can Anybody Help Me
 

RELEVANCY SCORE 78.8

My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other (which is why I can't include all the file stuff). Everything was fine till last night. A few webpages were coming up red and saying I was infected or whatever so I closed everything off. It seemed like something fake. I rebooted but when I did sign back on everything was messed up.

When I first load up Windows it goes to the logon screen like everything is normal but then an error pops up: scvhost.exe Application error. I close that and sign on. I get the long Spyware Alert message saying Security Alert. Worm.Win32.Netsky has been detected. It describes what it is and says that I should perform a system scan. During this only my desktop loads up (not my tool bar where you click Start).

A few secs later a System Shutdown window pops up saying it is shutting down and it's because of RPC and there is a minute countdown.

I tried to access Task Manager (by keys) and it said it was disabled by ADMIN, so I tried to do some RUN: then going to the registry or anything, and that also did not work. It said I was infected. I tried safe boot (any safe boot) but it shows all the text scrolling for a bit and then just restarts...

A lot of posts I've run into talk of downloading things and this and that but I can't even access anything. I'm not a computer expert and really need some help. This all happened quite suddenly. Is there any way to go delete something without loading up wind...

A:Worm.Win32.Netsky

Let's see if we can free Task Manager.

This step involves making changes in the registry. Always back up your registry before making any changes.
Go to Start → Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File → Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File → Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.

If this does or doesn't work.. run The Vipre Rescue Program.

RELEVANCY SCORE 78.8

I was looking at a video and it said it needed an active x codec installed to work. It was fake. It installed a worm.

Did anyone get this too? It has a biohazard symbol that it displays on the background of my computer instead of my standard XP background. It then says your privacy is in danger below it. It then has tons of pop-ups trying to get me different products that are for removing spyware, cleaning the PC, etc.

Windows security alert says "windows has detected an internet attact attempt Somebody's trying to infect your PzC with spyware or harmful viruses. Run Full system scan now to protect your pc from Internet attacts, hijacking attempts and spyware! Click here to download spyware remover for total protection."

I get another message from security alerts that says I have worm.win32.netsky

Here is my Hijack This log file

Logfile of HijackThis v1.99.1
Scan saved at 1:52:16 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photos...

RELEVANCY SCORE 78.8

Hi, my computer got infected yesterday. The computer said I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help, I need my computer for my work asap! Thanks. - I saw someone else on the forums who seems to have the same problem but hasn't appeared to have solved it yet! Please help!

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:04 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program File...

A:worm.win32.netsky

RELEVANCY SCORE 78.8

I somehow have this virus, worm, or trojan that I can not get rid of. It will not allow me to go to the task monitor, burn files, and it has slowed down my pc dramatically. I get an insane amount of pop up that tell me that my pc is infected and I had better buy their software or I will lose everything. One pop up in particular is from Windows security and it says that I have the "worm.win32.netsky" virus. It pops up every 3 minutes or so. Also every time I open up IE7 I am redirected to some site about cleaning up spyware. I went out and bought McAfee Total Protection but after running it there is no improvement and the same messages appear. So annoying!!! McAfee only picks up about 5 cookies and that is it. I also tried their virus removal tool "stng380". No help. What do I do??? I have a ton of precious pictures that I can not lose. Please help... Here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:17 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee...

A:Help please worm.win32.netsky

RELEVANCY SCORE 78.8

I followed the steps of installing dds and gmer to no avail. Amatuer suggested running rkill and provided four versions. None worked, but one of them did wake up my virus while in safe mode. It is A LOT slower and not over powering, but is now running.

While in safe mode, dds did not work. gmer is currently running, but I was curious, will the scan/report still be as valid since it is being run in safe mode. I think so, but thought I'd ask while I wait.

A:Worm.Win32.NetSky...still

Here is the gmer log.

Thanks

RELEVANCY SCORE 78.8

My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other (which is why I can't include all the file stuff). Everything was fine till a little while ago; some webpages were coming up red and saying I was infected or whatever so I closed everything off. I was installing my new virus program (figured it was a good time with the weird stuff on the webpages) and I had to reboot but when I did everything was messed up. I get several error messages, one being the long one saying that I'm infected with Worm.Win32.Netsky and need to get spyware removal. But my Start tool bar never comes up and not long after that I get a message saying it's restarting because of RPC or something and a countdown, then everything goes off. I tried to access Task Manager and it said it was disabled, so I tried to do some RUN: then going to the registry or anything, and that also did not work. I tried safe boot but it shows all the text scrolling for a bit and then just restarts... A lot of posts I've run into talk of downloading things and this and that but I can't even access anything. I'm not a computer expert and really need some help. Is there any way to go delete something without loading up Windows?

A:Worm.Win32.Netsky

Can i add to my post? *Wanted to mention that I can access the recovery console

RELEVANCY SCORE 78.8

On a HP tc4400 tablet pc running MS XP, have encountered the worm.win32.netsky virus by indication of the "spyware alert"/ security warning. Have run hijack and norton internet security with little or no impact on the popups and the overtaking of my desktop screen with bogus file. Can u help?
 

RELEVANCY SCORE 78.8

Hi, I downloaded the HJTsetup and have the following log. I know several people have had this problem before. Anyone got a fix yet?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:22 AM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\s...

A:worm.win32.netsky

Hi, Welcome to TSG!

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

 

RELEVANCY SCORE 78.8

Am experiencing an annoying problem on my ThinkPad running XP Pro SP2. The system hung up while deleting old emails. I unplugged the ethernet cable and tried to close the window without success. Meanwhile a popup appeared warning I had "Worm.WIN32.NetSky." Couldn't access the Start menu or open Task Manager. Had to force a shutdown using the power button.

Started back up in Safe Mode and ran SUPERAntiSpyware which found and vaulted:
"worm.Agobot-WC" (x1)
"SMSS32.EXE" (x3)
While SUPERAntiSpyware was running, a popup purportedly from "IDS Software" warned it had detected "TROJANSPM/LX." I suspect this was fake but in a careless moment closed the popup by clicking "x" in its upper corner.

Now when rebooting, either in Safe Mode or normally, my usual desktop loads briefly and then the Welcome screen comes up. I've never booted to the Welcome screen before. Nor have I ever booted using a password. Clicking the "Administrator" log on icon went briefly to the desktop then back to the Welcome screen. But now only the "User" and not the "Administrator" log on icon appears on the Welcome screen.

Can't get past the Welcome screen except by CTRL-ALT-DEL to shutdown or by a suspicious looking "Turn Off Test" icon at the lower left on the Welcome screen, which brings up a shutdown menu box.

I've tried to make a boot repair using Recovery Console from the XP CD ...

A:Worm.WIN32.NetSky

This topic has been split into its own topic, including a small bump here. The original was split from this topic in Windows XP Home and Pro. I have PM'd the member with a link to let them know.

RELEVANCY SCORE 78.8

Something's creeped onto my wife's laptop. It keeps bringing up IE windows for virus programs and spyware alerts and talking about some "worm.win32.netsky" virus.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:02:51 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Prog...

A:Worm.win32.netsky bug

RELEVANCY SCORE 78.8

I need help removing this. I also have the biohazard sign that seems to be a hyperlink. I did not download anything. I have tried the Symantec fix for Netsky but it did not help. I also ran Ad-Aware and it removed a trojan and lots of other stuff. I am running Norton now without using the OS. I tried to do a selective start but it seems to load at startup anyway. Stinger also did not find anything.
 
