Over 1 million tech questions and answers.

Worm.win32.netsky Detected On Your Machine

Q: Worm.win32.netsky Detected On Your Machine

Hello, I m new on this forum and as you can see instantly I have a problem sad.gif Yesterday I started getting pop-ups which said this:Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.This process should be removed from your system.Type: VirusSystem Affected: Windows 2000, NT, ME, XP, VistaSecurity Risk (0-5): 5Recomendations: Click Yes to remove it from your PC immediatelyand thisWindows has detected an Internet attack attempt...Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protectionAlso my task manager was blocked and I had to do the followingClick on Start, Run and type the following command exactly and press EnterREG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /fWindows XP is my OS and I m using Zone Alarm Pro.This is my HijackThis LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:00:40, on 22.2.2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exeC:\WINDOWS\WebCam\M1000\M1000Mnt.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\WINDOWS\explorer.exeC:\PROGRA~1\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Internet Explorer\iexplore.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SXG Advisor - {6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} - C:\WINDOWS\dmdvpnslp.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O3 - Toolbar: emotigt - {54BECB1C-D4EA-47B2-9B56-C6768144FDD5} - C:\WINDOWS\emotigt.dllO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exeO4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMntO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dllO9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O17 - HKLM\System\CCS\Services\Tcpip\..\{E901FCDC-AB4E-4183-B659-B9CD57218D07}: NameServer = 80.65.162.101 217.199.128.11O21 - SSODL: bdmanager - {553F089D-C14A-4463-AEA5-CEE7E908B449} - C:\WINDOWS\bdmanager.dllO21 - SSODL: admgcx - {FC017DD0-5163-4CEB-9876-D0EDD1F0D289} - C:\WINDOWS\admgcx.dllO23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Korisnik/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg--End of file - 5480 bytes

RELEVANCY SCORE 200
Preferred Solution: Worm.win32.netsky Detected On Your Machine

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!

Read other 2 answers
RELEVANCY SCORE 123.2

Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

after i restarted the computer and turned it back on, I come to this problem of only seeing my cursor on my desktop with a black black screen and could not do anything except Ctrl+Alt Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after i upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer i received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if i could find a solution and found this tech support forum on google and saw someone had the same PROBLEM as me.

Only way i was able to get online from my computer is if i signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very appreciative. Hope you had a HAPPY NEW YEAR and HOLIDAY!!... Read more

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2

.

Read other 1 answers
RELEVANCY SCORE 123.2

Hello new to this forum

Recently purchased a new HP labtop and have recently encountered a pretty big problem

it started when computer seemed to be running fairly slow especially for a brand new computer. then internet google searches started taking me to random websites only allowing me to go to websites by directly putting the link in the address bar. i have an norton free trial for a couple months but received a McAfee antivirus as a gift so uninstalled Norton and installed McaFee. Well i had a problem once McAfee was installed i thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So tried to uninstall and reinstall and during this process during a restart of the computer i received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. so clicked ok on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. this is where my story ends i am stuck here and if i can get some help to resolve this problem it would be greatly appreciated thank you

Thank You

Read other answers
RELEVANCY SCORE 123.2

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ... Read more

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ..... Read more

Read other 6 answers
RELEVANCY SCORE 100.4

Here is what happens:I turn on the computer (my brothers) everything is fine- shows Welcome screen. Before anything (icons or desktop) shows a pop-up appears that says the following:Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.Type: VirusSystem Affected: Windows 2000, NT, ME, XP, VISTA, 7security risk: 5recommendations: It is necessary to perform full system scan.Only after i click "ok" or close the popup will the desktop, icons, and programs load.As the programs are loading during startup - Window Security Center Opens, also some AntivirusLive performing some sort of "scan"I was going to try to start this method:http://www.bleepingcomputer.com/forums/ind...3&hl=netskyI downloaded the programs on my computer (this one) saved the programs on a flash drive, then moved them to the infected computers desktop but when i tried to open the ATF Cleaner a pop-up says:Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?Started it on safe mode to try t... Read more

A:Worm.Win32.Netsky detected

well im still here if anyone is interested in helping...

Read other 1 answers
RELEVANCY SCORE 98.4

My computer noted that i was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background changed to a red and black image saying that my privacy is in danger. I loaded spyware doctor and it continues to give me pop ups saying "Spyware Doctor blocked an application regsvr32.exe attempting to access a file. Path c:\windows\popnetdpt.dll Threat adware.agent.bn
The following is my Hijack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:05 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice... Read more

A:worm.win32.netsky detected. Hijack this log included.

Read other 15 answers
RELEVANCY SCORE 82.4

ok well i was JUST infected with this worm? i guess, and it gives me the same pop-up over and over "spyware alert" and some other ones
it tells me 2 download some software
but i haven't nor will i
so some one please help me !
 

A:HELP ASAP Worm.Win32.netsky i have that worm please help me remove it

Read other 16 answers
RELEVANCY SCORE 81.6

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi... Read more

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

Read other 3 answers
RELEVANCY SCORE 81.6

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the &quo... Read more

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 35 answers
RELEVANCY SCORE 81.2

As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is Highjackthis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 78.8

Been having constant pop ups of various "infected" statements. I run Sophos Anti Virus which is really good but seems these have slipped through. I run adaware every now and then as well. Being a little tech savy i tried the normal things i have done in the past. I have followed the thread about what to do in these circumstances and done the 5 steps.

Below is the log after dss.exe

Not sure what else i can do as i know these things are present. The online Pandasoftware search found several issues but was only able to fix one.


Deckard's System Scanner v20071014.68
Run by Brett on 2007-12-20 17:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-12-20 07:24:57 UTC - RP675 - Deckard's System Scanner Restore Point
71: 2007-12-20 02:16:36 UTC - RP674 - System Checkpoint
70: 2007-12-17 05:05:29 UTC - RP673 - Installed Sophos Anti-Virus
69: 2007-12-17 05:03:13 UTC - RP672 - Removed Sophos Anti-Virus
68: 2007-12-13 14:08:06 UTC - RP671 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 09:34:52 UTC - RP604 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone --------------------------... Read more

A:Constant pop ups - Windows has Detected... worm.w32.netsky....

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no... Read more

Read other 3 answers
RELEVANCY SCORE 78.8

My homepage has been changed, my Task Manager was blocked, I keep getting pop ups for Malware removal programs, a litte red 'x' appears in my tray, and I get a warning saying something about Worm.Win32.Netsky. Here is my HiJackThis log, please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:41 AM, on 12/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1124839753\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodServ... Read more

A:Worm.Win32.NetSky

Read other 8 answers
RELEVANCY SCORE 78.8

I am trying to remove the worm netsky from my system. I downloaded HiJack This and here is the log file. Please help. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:21 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program ... Read more

Read other answers
RELEVANCY SCORE 78.8

hi everyone. my computer's been infected. i'm getting a message that tells me i'm infected with worm.win32.netsky. here are the symptoms my computer's exhibiting:
*after windows loads, i get a message that tells me i've been infected with worm.win32.netsky
*my desktop background has been changed to a message telling me "your system is infected"
*my computer has slowed down considerably
*my task manager has been disabled
*the task bar is displayed but nothing on it is clickable including access to the start menu
*i can't access the internet
*i can't load anything from a disc

one more problem - while i wouldn't say i'm computer illiterate, but i do speak computer at a 1st grade level. for example, i had to look up "task bar" just to be sure i was calling it the right thing. just a heads up there. any help would be appreciated.

thanks,
jim

Read other answers
RELEVANCY SCORE 78.8

Hello, recently i got an attack. At startup computer states im infected with worm.win32.netsky.

Computer Specs: Windows XP Media Center Edition 2005. XFX Radeon HD 4890 1gb GDDR5. 4GB RAM (Reads at 3.5gb)
AMD Athlon 64 X2 Dual Core 3800+, 2.00GHz

What logs are needed so i may post for further assistance?

EDIT: Symptoms so far are some random popups and redirected page clicks, have to copy+paste most site addresses in to be able to enter.

Read other answers
RELEVANCY SCORE 78.8

I would be happy to make a donation to your website if you could help.
I have downloaded hijack and ran it on my computer, is this what you need? What should i do next? Thank you very much for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:07 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.ex... Read more

A:Worm.Win32.netsky, what next?

Read other 6 answers
RELEVANCY SCORE 78.8

My daughters computer has been infected with the worm win32.netsky. She was getting a lot of popups and her background was replaced with an error message. We tried to run ad-aware and spybot and the avast free version, deleting the files they found. The McAfee that was on her computer was out of date so after replacing it with the Avast and restarting the desktop would not show at all, Its currently in safe mode with networking. I also ran the Stinger in safe mode, which found an Artemis trojan that is now deleted. I was browsing on here before posting and tried the Comedian to no avail, I was going to try another step that was recommended to someone else but figured it best to post the report before doing anything else. Thank you in advance for your help. I tried to start the Malwarebytes program but it will not run, also the avast is now disabledThis is the first time I have run HijackThis so please forgive any errors on my part, these are the results;Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:47:36 PM, on 2/10/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavas... Read more

A:Worm Win32.netsky

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.[We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%&#... Read more

Read other 24 answers
RELEVANCY SCORE 78.8

My daughter's computer appears to have been infected. There are worm.win32.netsky virus warnings are constantly popping up and the desktop has changed. Also, Google desktop appears to have been installed. My daughter says she didn't install it, but i can't be sure she didn't do it inadvertently. Any help would be appreciated. Thank -you.
 

A:WORM.WIN32.NETSKY- Help please

Read other 16 answers
RELEVANCY SCORE 78.8

Hello, I just got infected with this thing last night and i'm having trouble getting rid of it. It won't let me connect to the internet, or the task manager, Even in safe mode! I had to boot off an Ubuntu disk in order to even connect to the internet, thats how im doing this right now. I have HJT and MBAM installed but since i cant connect to the inernet, i have no way of posting the logs. Plleeeeeeeeaaaaase help me!!!!
 

A:Worm.Win32.NetSky?!?

Read other 15 answers
RELEVANCY SCORE 78.8

I have a computer problem now..ever since I cliked on a link for a pic i wanted to see, something has hijacked my computer. I get popups telling me that i have a virus or that something is trying to hack my computer. Other popups tell me to download specific software to help remove virus'. My homepage has been changed, i change it back to yahoo and it reverts to: http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2 . I cant use my ctl alt and delete keys..it says that the task manager has been disabled by the adminstrator . I am the admin on my computer and I didnt disable anything..

here is one of the things I get:

windows has detected an Internet Attack attempt..somebodys trying to infect your pc with spyware or harmful viruses.Run full system scan now to protect your PC from Internet attacks,hijacking attempts ans spyware! Clik here to download spyware remover for total protection.

I clik on cancel because I dont want to download anything I dont know about or who it came from..It then proceeds to open a new webpage, which i close asap.

I also get a a popup "Spyware Alert" saying that Worm.Win32.NetSky is detected on my machine. I don't even know where this alert comes from?

I also have 3 new icons on my desktop..

Error cleaner,
http://viruswebprotect.com/shandler.php?sid=502&said=7&aid=668&pn=5&sg=1
Spyware and malwar protection

http://viruswebprotect.com/shandler.php?sid=502&said=7&aid=668&pn=... Read more

Read other answers
RELEVANCY SCORE 78.8

My computer has the typical pop-ups, etc, as discussed in the other netsky threads. Here is my log. When I ran DSS, it would not create a extra.txt file. Thank you for your help.

Deckard's System Scanner v20071014.68
Run by Greg Mooradian on 2008-01-30 23:10:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Greg Mooradian.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:57 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\C... Read more

A:Worm.win32.netsky

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the cl... Read more

Read other 15 answers
RELEVANCY SCORE 78.8

Hello, i caught a worm.win32.netsky , i followed some of the advice given on the subject in a similar thread but i don't know what to do next and which files are infected or not so please someone help me with the reports from Hijackthis, Combofix and SDFix. Reports are submitted below. Thank you.

A:Please help - worm.win32.netsky

Read other 9 answers
RELEVANCY SCORE 78.8

I need help removing this I also have the biohazard sign that seems to be a hyperlink. I did not download anything. I have tried the symantec fix for netsky but it did not help. I also ran adaware and it removed a trojan and lots of other stuff. I am running norton now with out using the os. I tried to do a selective start but it seems to load at startup anyway. Stinger also did not find anything.
 

Read other answers
RELEVANCY SCORE 78.8

I downloaded DDS and GMER as instructed and transferred them to the desktop of the PC that is showing the Worm.Win32.NetSky pop-up.

When I double click the DDS icon I get a cannot run window.
Second time I ran it, a blank black window opens with nothing visible.
Similar to a command window - but without anything except the blinking cursor.

When I run GMER, the initial window opened as shown in the initial tutorial. A soon as I try to deselect sections, the box goes black. After 12 minutes and several pop-ups from my current viruses, the desktop is blank. I tried to run GMER again and other than the initial busy cursor, nothing happens. Then the virus pop-ups return.

Not sure what to do next.

A:Worm.Win32.NetSky

Hello and welcome to TSF.

You might want to use the following tool to help allow the programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER and post their logs in a new thread, as this one shall be closed to place it back in the queue.

Read other 1 answers
RELEVANCY SCORE 78.8

I am now offically in way over my head. I turned on my computer yesterday to find new "spyware" removal software installed on my computer, which I did not do. (Along with thousands of pop-ups and the scary red wallpaper) After searching a little bit, I see that I am not the first one to have this happen to them. However, I don't what else to do to fix it!!! I've tried to install different spyware and anti-virus programs and run the scans on programs I already had, and nothing has brought me back to normal. I used Webroot Spy Sweeper and it got and seemed to remover some Spy Cookies, whatever they may be. I'll stop going on and on now. ANY HELP WOULD BE GREATLY APPRECIATED!!!!!

Thanks!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:33 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Fi... Read more

A:NEED HELP!! worm.win32.netsky

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ... Read more

Read other 3 answers
RELEVANCY SCORE 78.8

Hi, in the beginning of January, I got infected by worm.win32.netskymy wallpaper got changed and at first I could still use the internet, and then the next day the internet stopped workingthen I went online and searched for solutions (I ran the malwarebyte and removed the things it listed) , and I got rid of the infected wallpaperbut my computer beeps everyday I turn it on now, and the internet does not work, and the PASTE thing doesn't work.The system restore didn't work.When I was trying to run the system recovery, it said something like "File\minint\system32\ntkrnlmp.exe could not be loaded. error code 14"I inserted the Gateway reinstallation CD, but it didn't run at all.Hopefully you guys can help me, please!I have the DDS, ATTACH, and the malwarebyte log too but I don't know if I should post them.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:46:22 PM, on 3/12/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Kaspersky L... Read more

A:worm.win32.netsky? i think

can some one help me please?

Read other 26 answers
RELEVANCY SCORE 78.8

please help i downloaded a virus/worn^^(title) and i cant get rid of it. Yesterday i bought an antivirus (Trend micro anti-virus 2007 ) spent $50 and still didnt get rid of it. Can some1 please help me! Ive donated to this site before so dont think im a leech.. i ran a hijack this not sure what that will do but here's the log

Logfile of HijackThis v1.99.1
Scan saved at 3:15:13 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.e... Read more

A:worm.win32.netsky HELP!!!!!!!!!!!!!!

Read other 16 answers
RELEVANCY SCORE 78.8

I was looking at a video and it said it needed an active x codec installed to work. It was fake. It installed a worm.

Did anyone get this too. It has a bio hazard symbol that it dis playes on the background of my computer instead of my standard xp background. It then says your privacy is in danger below it. It then has tons of pop ups trying to get me differnt products that are for romoving spyware, cleaning the pc, etc.

Windows security alert says "windows has detected an internet attact attempt Somebody's trying to infect your PzC with spyware or harmful viruses. Run Full system scan now to protect your pc from Internet attacts, hijacking attempts and spyware! Click here to download spyware remover for total protection."

I get another message from security alterts that says I have worm.win32.netsky

Here is my Hijack This log file

Logfile of HijackThis v1.99.1
Scan saved at 1:52:16 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photos... Read more

Read other answers
RELEVANCY SCORE 78.8

You all have probably heard of this one, right? Well I have an unusual problem here. Its the same stuff with the Bio Hazard symbol background and the fake Windows alerts and all. I have succeeded in removing it several times, however I always get this Trojan.Zlob attack ever 10-15 minutes afterwards. After a couple of Hours of Norton Blocking this Trojan, Worm.win32.Netsky comes back at full strength. I was wondering if anyone here can help me out?

Here is my SmitFraudFix Report:

SmitFraudFix v2.254

Scan done at 16:27:23.34, Mon 26/11/2007
Run from C:\Documents and Settings\cling08\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
... Read more

A:Worm.win32.NetSky

Hi, Welcome to TSG!!

Smitfraud fix has been updated. Please delete the version you have and download (save) it again from here
SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 1 answers
RELEVANCY SCORE 78.8

hi guys love your site! you already helped me twice before through your site as a guest. now i'm asking as a member, i have a virus malware or something! Please help!I'm not super computer savvy but i can do some things.i cleaned up my laptop and my friends laptop using malwarebytesnow on my moms comp i cannot by any means download or run the softwarei even tried putting it on a disk and running from the disk, no use.then i tried vundofix, nothing.worm.win32.netsky is what keeps popping upand another that says trojanspm/lxi unplugged the internet from the infected comp and im using my laptopyesterday, i saw my regular screen. tonight, its a green screen that says "your system is infected!"like i said before, im only skilled to a point. im afraid to ruin the comp. what should i do? im super frustrated and need help asap!!!!!help please!

A:worm.win32.netsky....

Hello and thank you.. I am moving this from Vista to Am I Infected.Let's try this.. Run RKill then immediately run MBAM..post that log.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.

Read other 1 answers
RELEVANCY SCORE 78.8

Hi my computer got infected yesterday. According to the computer is said i was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help i need my computer for my work asap! Thanks. - I saw someone else on the forums seems to have the same problem but hasnt appeared to solved it yet! Please Help!

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:04 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program File... Read more

A:worm.win32.netsky

Read other 8 answers
RELEVANCY SCORE 78.8

Picked up this spyware tonight. Hijacked background and was unable to go to any internet sites. Tried to run MBAM and could not. Ran Super AntiSpyware that found & cleaned several files. Reboot still had issue. Ran Avast, found some issues and deleted them. Reboot, some issues gone but still unable to go to your web site. Restored using System Restore, reboot and was able to run MBAM. Found "fake spyware", cleaned, rebooted and reran MBAM with log all clear. Computer seems to be back to normal. All seems to be well but would like to confirm. Please advise if any additional steps are necessary if MBAM log runs clear. Thanks.

A:worm.Win32.NetSky

Updated MBAM and ran a full scan. Logfile posted below. Will update SAS and run a complete scan while at work. Will post back with results. Seems to be running fine. Thanks.

Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 6:44:07 AM
mbam-log-2009-12-12 (06-43-50).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 219016
Time elapsed: 56 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Randy\Local Settings\Temp\vftgbjdbuyt.tmp (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026777.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026779.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\System Volume Information\... Read more

Read other 2 answers
RELEVANCY SCORE 78.8

Please help me get this off my pc, pop-ups keep popping up to tell me Worm.Win32.NetSky has been detected on my machine. Also my home page keeps redirecting to:
http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

I read on other forums to get a log file from hijackthis. here is what I have. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:10 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony... Read more

A:Help with Worm.Win32.NetSky

Can Anybody Help Me
 

Read other 2 answers
RELEVANCY SCORE 78.8

My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other. (which is why i can't include all the file stuff) Everything was fine till a last night. A few webpages where coming up red and saying I was infected or whatever so I closed everything off. It seemed like something fake. I reboot but when I did sign back on everything was messed up.

When I first load up windows it goes to the logon screen like everything is normal but than an error pops up. scvhost.exe Application error. I close that ans sign on. I get the long Spyware Alert message. Saying Security Alert. Worm.Win32.Netsky has been detected. Describes what it is and that I should perform a system scan. During this only my desktop loads up (not my tool bar where you click start)

A few secs later a System Shutdown window pops up saying it is shutting down and it's because of RPC and there is a minute countdown.

I tried to access Task Manager (by keys) and it said it was disabled by ADMIN so tried do some RUN: then going to registry or anything trying to and that also did not work. .It said I was infected. I tried safe boot (any safe boot) but it shows all the text scrolling for a bit and then just restarts...

Allot of posts Iv run into talk of downloading things and this and that but I can't even access anything. I'm not a computer expert and really need some help. This all happened quite suddenly. Is there anyway to go delete something without loading up wind... Read more

A:Worm.Win32.Netsky

Lets'ee if we can free task managerThis step involves making changes in the registry. Always back up your registry before making any changes.Go to Start ? Run and type: regeditClick OK.On the left side, click to highlight My Computer at the top.Go up to File ? Export Make sure in that window there is a tick next to "All" under Export Branch.Leave the "Save As Type" as "Registration Files".Under "Filename" put RegBackup.Choose to save it to C:\Click save and then go to File ? Exit.Or you can download and use ERUNTwhich is an excellent free tool that allows you to to take a snapshot (backup) of your registry before making changes and restore it when needed.Click on the link below:http://www.kellys-korner-xp.com/xp_tweaks.htmScroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.If this does or doesn't work.. run The Vipre Rescue Program.

Read other 5 answers
RELEVANCY SCORE 78.8

I have a Dell Dimension 3000 running Windows XP I purchased in 2005(?). I used to get to the screen that told me it was "Worm.Win32.Netsky". Now when I turn it on, it boots to the Internet Security 2010 screen just like I read in previous posts. But I cannot do the install of "RKRILL" or anything else. The task manager is shut off as well. I can only hit the F2 and F12 keys at start up. I called Dell support like I did before for my HP. I wanted them to send the operating system install CDs. Hp sent me them to uninstall and the reinstall. Worked great. Dell did not send those. I received a couple driver CDs and a Windows Xp service pack 2 Cd and a tool system software Cd and a Resource Cd. I cannot do anything with these. I have very limited computer knowledge, so if someone does reply with help, please talk so I can follow without making you irritated with my Q's. Please help!

I AM SORRY TO SAY THAT I PAID DELL SUPPORT TO WIPE MY OPERATING SYSTEM AND RELOAD WINDOWS. I LOVE ALL THE INFORMATION ON THIS SITE AND WILL CONTINUE TO LEARN FROM YOU ALL. BUT AS OF NOW, YOU CAN REMOVE MY REQUEST SO YOU CAN HELP OTHERS MORE QUICKLY. THANK YOU.

A:WORM.WIN32.NETSKY

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 1 answers
RELEVANCY SCORE 78.8

Hi, it seems i ive got this virus like others on here, please can someone help me.

Im getting pop ups taking me to

http://securepccleaner.com
http://scanner.adwareremover2007.com
http://directnameservice.com
http://pcsecuresystem.com

plus the screen went red yesterday with a privacy warning

this is my hi jack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:04, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C... Read more

Read other answers
RELEVANCY SCORE 78.8

I think this is a fake trojan that is trying to get me to buy anti-virus software. I already partially removed it once when I was able to run the Task Manager but it has been disabled by the malware again. Malware Bytes will not load (the computer cannot find MBAM.exe). Please help! I have attached the Hijack this log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:42:38 PM, on 2/8/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\AOL\ACS\AOLAcs... Read more

A:Worm.Win32.Netsky

Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download OTS by OldTimer and unzip it to your Desktop..Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).At the top, tick on Scan All Users sectionAt File Age set it to 90 DaysIn the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.In the Files Created Within and Files Modified Within section, set it to File AgeAt the bottom, tick on all Safe List and Use Company Name WhiteList optionUnder Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:Reg - Disabled MS Config ItemsReg - Drivers32Reg - ExtReg - IE Explorer BarReg - NetSvcsReg - Safeboot MinimalReg - Safeboot NetworkFile - Lop CheckFile - Purity Sca... Read more

Read other 17 answers
RELEVANCY SCORE 78.8

Logfile of HijackThis v1.99.1
Scan saved at 10:09:36 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Progr... Read more

A:worm.win32.netsky Help!

Hi and welcome to TSG,

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any... Read more

Read other 1 answers
RELEVANCY SCORE 78.8

I was getting a message to say i was infected with worm.win32.netsky so I searched the web for help and found this one. Already there was an article about someone facing the same trouble and also with the reponse of help. In that help i clicked the link to download software that will remove the virus and for over 40 minutes no message saying my computer is infected.
If there is anythig I should do now to avoid worm.win32.netsky or trojans please let me know. Mant thanks.

Heres the Report Log from the scanner i downloaded from your web page:-
SDFix: Version 1.124

Run by bishop climate on 08/01/2008 at 23:05

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\bishop climate\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\bishop climate\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\bishop climate\Favorites\Spyware&Malware Protection.url - Deleted
C:\DOCUME~1\BISHOP~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\ampkfst.dll - Deleted
C:\WINDOWS\bklgvsf.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ensfolr.dll - Deleted
C:\WINDOWS\foxflpd.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\NTSpool.e... Read more

Read other answers
RELEVANCY SCORE 78.8

On a HP tc4400 tablet pc running MS XP, have encountered the worm.win32.netsky virus by indication of the "spyware alert"/ security warning. Have run hijack and norton internet security with little or no impact on the popups and the overtaking of my desktop screen with bogus file. Can u help?
 

Read other answers
RELEVANCY SCORE 78.8

I am working on a computer for a friend and it seem to have a virus called "Worm.Win32.Netsky". It is Dell Dimension 5150 running Windows XP Service Pack 3. It has basically disabled all these things:Task MangerWhen I try to open the Task Manager it states "Task Manager has been disabled by your administrator". I tried using a program call "procexp" to see what was running but was not able to tell anything from it.Safe ModeTrying to boot in Safe Mode hitting F5 just re-boots me to the same screenInternetWeb browser loads but will not display any pagesHijackThis resultsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 23:01:51, on 1/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\... Read more

A:worm.win32.netsky

Hi,* Please download Malwarebytes' Anti-Malware from HerePlace the installer on your desktop. Rename the installer to firefox.exe or winlogon.exe or explorer.exeThen launch the renamed installer in order to install Malwarebytes.Once Malwarebytes is installed and it won't run, navigate to the Program Files\Malwarebytes' anti-malware folder and locate the mbam.exe file in there. Rename it as well to firefox.exe or winlogon.exe or explorer.exe.Launch the renamed mbam.exe in order to run Malwarebytes.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Do NOT post the log yet, but allow mbam to reboot.After reboot, immediately rescan with m... Read more

Read other 10 answers
RELEVANCY SCORE 78.8

I have contracted this virus on my computer and am unsure how to get rid of it. I ran McAfee Virus scan but that didn't get rid of it. Can anyone give me any advice asap? Much appreciated. Thanks.

A:Worm.Win32.NetSky

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 78.8

Something's creeped onto my wife's laptop. It keeps bringing up IE windows for virus programs and spyware alerts and talking about some "worm.win32.netsky" virus.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:02:51 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Prog... Read more

A:Worm.win32.netsky bug

Read other 9 answers
RELEVANCY SCORE 78.8

below is my latest hjt log--apparently my machine is still infected.

any help is appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:06:29 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Pr... Read more

A:HJT Log worm.win32.netsky

...it's not like there's been anything better to do for the last 12 hours than watch this worm/virus/malware/whatever play hell with TSG-recommended AV or spyware...

Well, there's always a first time for everything, and this is the first time you folks came up empty...

A Donating Member
 

Read other 1 answers
RELEVANCY SCORE 78.8

My computer has told me I have this and is trying to download numerous programs that will clean my harddrive and protect me from 3rd parties; I don't trust these sites at all, it seems they cmae from the virus. I saw I was supposed to post a HiJack This list so here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:11 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.e... Read more

A:Worm.Win32.NetSky

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

Read other 1 answers
RELEVANCY SCORE 78.8

My laptop is telling me that I have this virus on my computer and is continually telling me spyware alerts and things of that nature..
what is the most effective and fast way to rid my computer of this. I have a lot of school work on here and cannot lose any.
 

A:help me!! worm.win32.netsky

Hi and welcome to TSG,

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers