
Worm.win32.netsky Detected On Your Machine

Q: Worm.win32.netsky Detected On Your Machine

Hello, I'm new on this forum and as you can see instantly I have a problem. Yesterday I started getting pop-ups which said this:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and this:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection

Also my task manager was blocked and I had to do the following:

Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Windows XP is my OS and I'm using Zone Alarm Pro.

This is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:40, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {6FFDE480-14C1-43FC-BEC1-CA97A2541FFD} - C:\WINDOWS\dmdvpnslp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: emotigt - {54BECB1C-D4EA-47B2-9B56-C6768144FDD5} - C:\WINDOWS\emotigt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E901FCDC-AB4E-4183-B659-B9CD57218D07}: NameServer = 80.65.162.101 217.199.128.11
O21 - SSODL: bdmanager - {553F089D-C14A-4463-AEA5-CEE7E908B449} - C:\WINDOWS\bdmanager.dll
O21 - SSODL: admgcx - {FC017DD0-5163-4CEB-9876-D0EDD1F0D289} - C:\WINDOWS\admgcx.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Korisnik/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5480 bytes


A: Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ...

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ...


Hello new to this forum

Recently purchased a new HP laptop and have recently encountered a pretty big problem.

It started when the computer seemed to be running fairly slow, especially for a brand new computer. Then internet Google searches started taking me to random websites, only allowing me to go to websites by directly putting the link in the address bar. I have a Norton free trial for a couple months but received a McAfee antivirus as a gift, so uninstalled Norton and installed McAfee. Well, I had a problem once McAfee was installed: I thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So tried to uninstall and reinstall, and during this process, during a restart of the computer, I received a message telling me Worm.Win32.NetSky detected on your machine and suggested doing a full system scan. So clicked OK on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. This is where my story ends. I am stuck here and if I can get some help to resolve this problem it would be greatly appreciated, thank you.

Thank You


Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

After I restarted the computer and turned it back on, I came to this problem of only seeing my cursor on my desktop with a black screen and could not do anything except Ctrl+Alt+Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after I upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer I received a message telling me Worm.Win32.NetSky detected on your machine and suggested doing a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if I could find a solution and found this tech support forum on Google and saw someone had the same PROBLEM as me.

The only way I was able to get online from my computer is if I signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very appreciated. Hope you had a HAPPY NEW YEAR and HOLIDAY!!...

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2


Here is what happens:

I turn on the computer (my brother's) and everything is fine - shows Welcome screen. Before anything (icons or desktop) shows, a pop-up appears that says the following:

Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, VISTA, 7
security risk: 5
recommendations: It is necessary to perform full system scan.

Only after I click "ok" or close the popup will the desktop, icons, and programs load.

As the programs are loading during startup, Window Security Center opens, also some AntivirusLive performing some sort of "scan".

I was going to try to start this method:
http://www.bleepingcomputer.com/forums/ind...3&hl=netsky

I downloaded the programs on my computer (this one), saved the programs on a flash drive, then moved them to the infected computer's desktop, but when I tried to open the ATF Cleaner a pop-up says:

Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?

Started it on safe mode to try t...

A:Worm.Win32.Netsky detected

well im still here if anyone is interested in helping...


My computer noted that I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background changed to a red and black image saying that my privacy is in danger. I loaded Spyware Doctor and it continues to give me pop-ups saying "Spyware Doctor blocked an application regsvr32.exe attempting to access a file. Path c:\windows\popnetdpt.dll Threat adware.agent.bn".
The following is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:05 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice...

A:worm.win32.netsky detected. Hijack this log included.


OK, well, I was JUST infected with this worm? I guess, and it gives me the same pop-up over and over, "spyware alert", and some other ones.
It tells me to download some software
but I haven't, nor will I.
So someone please help me!
 

A:HELP ASAP Worm.Win32.netsky i have that worm please help me remove it


It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, what a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a workaround.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB


As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\...


Been having constant pop-ups of various "infected" statements. I run Sophos Anti-Virus, which is really good, but it seems these have slipped through. I run Ad-Aware every now and then as well. Being a little tech savvy, I tried the normal things I have done in the past. I have followed the thread about what to do in these circumstances and done the 5 steps.

Below is the log after dss.exe

Not sure what else I can do as I know these things are present. The online Pandasoftware search found several issues but was only able to fix one.


Deckard's System Scanner v20071014.68
Run by Brett on 2007-12-20 17:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-12-20 07:24:57 UTC - RP675 - Deckard's System Scanner Restore Point
71: 2007-12-20 02:16:36 UTC - RP674 - System Checkpoint
70: 2007-12-17 05:05:29 UTC - RP673 - Installed Sophos Anti-Virus
69: 2007-12-17 05:03:13 UTC - RP672 - Removed Sophos Anti-Virus
68: 2007-12-13 14:08:06 UTC - RP671 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 09:34:52 UTC - RP604 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone --------------------------...

A:Constant pop ups - Windows has Detected... worm.w32.netsky....

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no...


I have a Dell Dimension 3000 running Windows XP I purchased in 2005(?). I used to get to the screen that told me it was "Worm.Win32.Netsky". Now when I turn it on, it boots to the Internet Security 2010 screen just like I read in previous posts. But I cannot do the install of "RKRILL" or anything else. The task manager is shut off as well. I can only hit the F2 and F12 keys at startup. I called Dell support like I did before for my HP. I wanted them to send the operating system install CDs. HP sent me them to uninstall and then reinstall. Worked great. Dell did not send those. I received a couple of driver CDs and a Windows XP Service Pack 2 CD and a tool system software CD and a Resource CD. I cannot do anything with these. I have very limited computer knowledge, so if someone does reply with help, please talk so I can follow without making you irritated with my Q's. Please help!

I AM SORRY TO SAY THAT I PAID DELL SUPPORT TO WIPE MY OPERATING SYSTEM AND RELOAD WINDOWS. I LOVE ALL THE INFORMATION ON THIS SITE AND WILL CONTINUE TO LEARN FROM YOU ALL. BUT AS OF NOW, YOU CAN REMOVE MY REQUEST SO YOU CAN HELP OTHERS MORE QUICKLY. THANK YOU.

A:WORM.WIN32.NETSKY

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


Basically, my brother was on the computer, and now we've been getting pop-ups, and the CPU usage goes straight to 100%.
I've posted the HijackThis logs into the category already, and typing this is really hard because the line thing keeps going back letters.
And pages keep switching on their own to, like, random apps.
This one I just close.
This one is stupid. It runs as IEXPLORER.exe and no matter what I do, it opens an IE page.
I just close this as well.
Any help would be AMAZING.

A:Worm.win32.netsky

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.


I need help removing this. I also have the biohazard sign that seems to be a hyperlink. I did not download anything. I have tried the Symantec fix for Netsky but it did not help. I also ran Ad-Aware and it removed a trojan and lots of other stuff. I am running Norton now without using the OS. I tried to do a selective start but it seems to load at startup anyway. Stinger also did not find anything.
 


Logfile of HijackThis v1.99.1
Scan saved at 10:09:36 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Progr...

A:worm.win32.netsky Help!

Hi and welcome to TSG,

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any...


Hi, my computer got infected yesterday. According to the computer, I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background has been changing to a red and black image saying that my privacy is in danger and to download all of this stuff to stop it. The CPU is running at 100% use constantly! Please help, I need my computer for my work ASAP! Thanks. - I saw someone else on the forums who seems to have the same problem but hasn't appeared to have solved it yet! Please help!

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:04 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


A:worm.win32.netsky


Hello, recently I got an attack. At startup the computer states I'm infected with worm.win32.netsky.

Computer Specs: Windows XP Media Center Edition 2005. XFX Radeon HD 4890 1gb GDDR5. 4GB RAM (Reads at 3.5gb)
AMD Athlon 64 X2 Dual Core 3800+, 2.00GHz

What logs are needed so i may post for further assistance?

EDIT: Symptoms so far are some random popups and redirected page clicks, have to copy+paste most site addresses in to be able to enter.


O.o
Okay, so I was recently infected with this virus/trojan....
I was stupid, k?
I downloaded an ActiveX control.
I was 10, for crying out loud!
I'm 11.
Yes, I'm young.
But don't underestimate me, I own a website, and know a good bit... Maybe not as much as you peeps out there, but you get it. =)
Back to the point....
Okay, so I was just wondering what it is.
I don't want to get infected with it again.
It was totally DESTRUCTIVE.
I mean, it kept prompting me and prompting me and PROMPTING ME to install something. (forgot)
It was so annoying.
Then it changed my background, saying "WARNING: Your computer has been infected! Click here to install the latest virus protection!" Or something like that...
It was uber scary.
So, then I tried to use Internet Explorer.
CRASH BOOM BANG OUCH.
Yea, it didn't work.
So then, I scanned with Norton.
Gah, it froze up.
So I rebooted.
Nothing.
I mean, something, but it was WAY worse.
So, my mom told her computer tech guy person (xD) about it.
He looked at it.
Our entire hard drive was slowly being destroyed.
He said there was nothing he could do about it, except clearing the entire computer, and putting in all kinds of new thing. (You know, a new gfx adapter, chips, etc)
So, yea...
My site went on hiatus.
BTW, the computer I am using right now is a Vista Pro Home. @ my dad's right now.
So, erm, can you tell me a lil' 'bout it?

Thanks,
~Dawn Hall
*dies of laughter at the smiley*

A:Worm.win32.netsky?

And your question is....??


Hello, I caught a worm.win32.netsky. I followed some of the advice given on the subject in a similar thread, but I don't know what to do next and which files are infected or not, so please someone help me with the reports from HijackThis, Combofix and SDFix. Reports are submitted below. Thank you.

A:Please help - worm.win32.netsky


Hello, I'm posting here asking for help with a problem the laptop has been having recently. For the past 2 weeks or so Internet Explorer has randomly popped up while I am browsing (my browser is Firefox) but I never paid it any mind. Then earlier today someone else was using the laptop and noticed that the desktop had changed itself to "Your computer is infected" and that I must run a spyware scan immediately. I ran two and got rid of a few trojans/viruses but not this one. Whenever I reboot the computer it notifies me that it is the worm.win32.netsky it is infected with but offers no help in removing it. Starting up in safe mode was of no aid as the trojan/virus was still present. I cannot run the dds as the virus will not allow me to, and I can't ctrl alt del. Here are my logs:

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:37 AM, on 12/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

A:Worm.Win32.NetSky

Problem solved - thanks.


I'm running Windows XP (up to date...have auto update turned on). I am getting a popup that I am infected with worm.win32.netsky. I am running AVG 8.5 (paid version). So far I've tried the AVG scan, the AVG rootkit scan, the Microsoft's MRT, FxNetsky, and one other that I can't remember the name of. Now I need help (or a new computer). Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:17 PM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode


A:worm.win32.netsky


Picked up this spyware tonight. Hijacked background and was unable to go to any internet sites. Tried to run MBAM and could not. Ran Super AntiSpyware that found & cleaned several files. Reboot still had issue. Ran Avast, found some issues and deleted them. Reboot, some issues gone but still unable to go to your web site. Restored using System Restore, reboot and was able to run MBAM. Found "fake spyware", cleaned, rebooted and reran MBAM with log all clear. Computer seems to be back to normal. All seems to be well but would like to confirm. Please advise if any additional steps are necessary if MBAM log runs clear. Thanks.

A:worm.Win32.NetSky

Updated MBAM and ran a full scan. Logfile posted below. Will update SAS and run a complete scan while at work. Will post back with results. Seems to be running fine. Thanks.

Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 6:44:07 AM
mbam-log-2009-12-12 (06-43-50).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 219016
Time elapsed: 56 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Randy\Local Settings\Temp\vftgbjdbuyt.tmp (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026777.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP280\A0026779.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\System Volume Information\...


My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other (which is why I can't include all the file stuff). Everything was fine till last night. A few webpages were coming up red and saying I was infected or whatever so I closed everything off. It seemed like something fake. I rebooted, but when I did sign back on everything was messed up.

When I first load up Windows it goes to the logon screen like everything is normal, but then an error pops up: scvhost.exe Application error. I close that and sign on. I get the long Spyware Alert message saying Security Alert. Worm.Win32.Netsky has been detected. It describes what it is and that I should perform a system scan. During this only my desktop loads up (not my toolbar where you click Start).

A few secs later a System Shutdown window pops up saying it is shutting down and it's because of RPC and there is a minute countdown.

I tried to access Task Manager (by keys) and it said it was disabled by ADMIN, so I tried to do some RUN: then going to the registry or anything, and that also did not work. It said I was infected. I tried safe boot (any safe boot) but it shows all the text scrolling for a bit and then just restarts...

A lot of posts I've run into talk of downloading things and this and that, but I can't even access anything. I'm not a computer expert and really need some help. This all happened quite suddenly. Is there any way to go delete something without loading up wind...

A:Worm.Win32.Netsky

Let's see if we can free Task Manager.
This step involves making changes in the registry. Always back up your registry before making any changes.
Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File > Exit.
Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.
Click on the link below:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #275 and click "Lift Restrictions - TM, Regedit and CMD" in the left column. Go to File, choose "Save page as" All Files and save regtmcmdrestore.vbs to your desktop. Double-click on that file to allow the script to run and reboot when done. Since the script modifies certain registry settings your anti-virus package may warn you about it. Ignore the warning and allow it to run.
If this does or doesn't work.. run The Vipre Rescue Program.


On a HP tc4400 tablet pc running MS XP, have encountered the worm.win32.netsky virus by indication of the "spyware alert"/ security warning. Have run hijack and norton internet security with little or no impact on the popups and the overtaking of my desktop screen with bogus file. Can u help?
 


my pc keeps coming up with a box saying windows security alert... windows has detected an internet attack attempt and then another box which says i have WORM.WIN32.NETSKY!!

HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:20, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:please help!! worm.win32.netsky

Download SDFix and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your system.
Please download Combofix from HERE or HERE

Save ComboFix to t...


Hi, it seems I've got this virus like others on here, please can someone help me.

I'm getting pop ups taking me to

http://securepccleaner.com
http://scanner.adwareremover2007.com
http://directnameservice.com
http://pcsecuresystem.com

plus the screen went red yesterday with a privacy warning

this is my hi jack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:04, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal



You all have probably heard of this one, right? Well, I have an unusual problem here. It's the same stuff with the Bio Hazard symbol background and the fake Windows alerts and all. I have succeeded in removing it several times, however I always get this Trojan.Zlob attack every 10-15 minutes afterwards. After a couple of hours of Norton blocking this Trojan, Worm.win32.Netsky comes back at full strength. I was wondering if anyone here can help me out?

Here is my SmitFraudFix Report:

SmitFraudFix v2.254

Scan done at 16:27:23.34, Mon 26/11/2007
Run from C:\Documents and Settings\cling08\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode


A:Worm.win32.NetSky

Hi, Welcome to TSG!!

Smitfraud fix has been updated. Please delete the version you have and download (save) it again from here
SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 


this along with other things keeps popping up: "security warning!
worm.win32.netsky detected on your machine. this virus is distributed via the internet through email and active-x objects. the worm has its own smtp engine which means it gathers e-mails from your local computers and redistributes itself...
type---virus
system affected windows 2000,nt,me,xp,vista
security risk(0-5): 5
recommendations click yes to remove it from your pc immediately
the weird thing is that when it pops up on the task bar it shows it as a folder icon.. i've never seen a pop up shown as a folder
it's really starting to piss me off it makes my pc so ****ing slow!!!!
and i have the little blinking red x on my task bar thing

ive tried a whole lot of things like prevx
regcure
norton trial i cant afford norton
ive tried spybot
malware scanner
a few more thing that i cant think of i dont know internet explorer things keep popping up i hate i.e
i use mozilla
umm system alert warnings keep popping up
saying that my system is infected
i dont know what to do anymore
im trying my best to get rid of the problem...

im using compaq preserio xp i think its just regular xp

well if u could help me out that would be wonderful...

o and every time i start my comp there are three new icons on the desktop. they're all tools to remove spyware, malware etc. i didn't put em there, they are just there

ive had a friend whos comp did the same thing

i dont remember what he did
but every time i delete the 3 icons next time ...


Hi,
My computer has recently been infected with the worm.win32.netsky. It has disabled the firewall, Internet Explorer and System Restore. Have run McAfee antivirus, Ad-Aware and Spybot but still not got rid of it. I have also run Spy Doctor and smit something. Can anyone help?


Hi Guys!

I started my laptop the other day to be greeted by a message saying:
Security Warning!
Worm.Win32.Netsky detected on your machine.
This virus is distributed via the Internet through email and Active-x
objects.
The worm has its own smtp engine which means it gathers
emails from your local computer and re-distributes itself.
In worst cases this worm can allow attackers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.


My wallpaper has changed to bright green with a black box saying:
YOUR SYSTEM IS INFECTED!
System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware is removed."


I googled it and found these instructions to remove it: :removed
but when I boot to safe mode and run SmitfraudFix I get a message saying: Application cannot be executed. The file is infected. Please activate your antivirus software.


I really don't know what to do now. Any help would be very much appreciated!

A:Worm.Win32.Netsky

That's a pretty dated fix you're trying to follow. More likely, the machine is infected with a newish rogue. Security Essentials 2010, Internet Security 2010, or similar.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the ma...


I followed the steps of installing dds and gmer to no avail. Amatuer suggested running rkill and provided four versions. None worked, but one of them did wake up my virus while in safe mode. It is A LOT slower and not over powering, but is now running.

While in safe mode, dds did not work. gmer is currently running, but I was curious, will the scan/report still be as valid since it is being run in safe mode. I think so, but thought I'd ask while I wait.

A:Worm.Win32.NetSky...still

Here is the gmer log.

Thanks


below is my latest hjt log--apparently my machine is still infected.

any help is appreciated

Logfile of HijackThis v1.99.1
Scan saved at 4:06:29 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


A:HJT Log worm.win32.netsky

...it's not like there's been anything better to do for the last 12 hours than watch this worm/virus/malware/whatever play hell with TSG-recommended AV or spyware...

Well, there's always a first time for everything, and this is the first time you folks came up empty...

A Donating Member
 


My computer has Worm.Win32.Netsky. I'm using another computer as I can no longer use my other (which is why I can't include all the file stuff). Everything was fine till a little while ago; some webpages were coming up red and saying I was infected or whatever so I closed everything off. I was installing my new virus program (figured it was a good time with the weird stuff on the webpages) and I had to reboot, but when I did everything was messed up. I get several error messages, one being the long one saying that I'm infected with Worm.Win32.Netsky and need to get spyware removal. But my Start toolbar never comes up, and not long after that I get a message saying it's restarting because of RPC or something and a countdown, then everything goes off. I tried to access Task Manager and it said it was disabled, so I tried to do some RUN: then going to the registry or anything, and that also did not work. I tried safe boot but it shows all the text scrolling for a bit and then just restarts... A lot of posts I've run into talk of downloading things and this and that, but I can't even access anything. I'm not a computer expert and really need some help. Is there any way to go delete something without loading up Windows?

A:Worm.Win32.Netsky

Can i add to my post? *Wanted to mention that I can access the recovery console


My daughter's computer appears to have been infected. worm.win32.netsky virus warnings are constantly popping up and the desktop has changed. Also, Google Desktop appears to have been installed. My daughter says she didn't install it, but I can't be sure she didn't do it inadvertently. Any help would be appreciated. Thank you.
 

A:WORM.WIN32.NETSKY- Help please


I am now officially in way over my head. I turned on my computer yesterday to find new "spyware" removal software installed on my computer, which I did not do. (Along with thousands of pop-ups and the scary red wallpaper.) After searching a little bit, I see that I am not the first one to have this happen to them. However, I don't know what else to do to fix it!!! I've tried to install different spyware and anti-virus programs and run the scans on programs I already had, and nothing has brought me back to normal. I used Webroot Spy Sweeper and it got and seemed to remove some Spy Cookies, whatever they may be. I'll stop going on and on now. ANY HELP WOULD BE GREATLY APPRECIATED!!!!!

Thanks!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:33 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:NEED HELP!! worm.win32.netsky

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ...


A day or two ago my Mom's computer started getting strange pop ups saying Windows detected the Worm.Win32.Netsky and that software must be downloaded. It put three shortcuts on the desktop. It just keeps popping up messages. Please help remove it. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

A:Worm.win32.netsky

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

Read other 1 answers

Every time I turn on my computer there is a pop-up screen that informs me that I have been infected with worm.win32.netsky.
That's not the only thing: the desktop icons along with the start menu don't appear, they are missing, and I cannot enter task manager except when I enter safe mode. There I can access the internet along with my desktop with the help of Windows Explorer. Fortunately I am able to use the internet to get help and fix my computer (Vista Ultimate).

I don't know what to do, please help

A:Worm.Win32.netsky HELP

Hi and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

Read other 1 answers

Hi. Can someone please direct me to instructions and software on this site for removing worm.win32.netsky. I did a search and couldn't find it.

My wife called me at work and said she gets the worm.win32.netsky message when booting up. I am doing this search on a different computer (work). I'll try messing with the infected computer when I get home in a few hours.

I had a lot of luck last summer beating another Malware virus through this site. I was hoping to get lucky again.

Thanks

A:worm.win32.netsky

Hello and welcome. I am moving this from XP to the Am I Infected forum.

Follow the Automated Removal Instructions for Internet Security 2010 in this guide. Use all the steps.
Remove Internet Security 2010 (Uninstall Guide)

Post the Malwarebytes log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 3 answers

The description says it all. I get warnings, IE self-starting with offers of free scans, &c, &c. Any help is appreciated.

Regards,
Doug

Mod Edit: Topic moved to more appropriate forum ~ TMacK

A:Worm.win32.netsky

After an attack by Worm.Win32.Netsky, my mouse no longer behaves in the manner I wish. Checking the folder options, I find the mouse options I usually use have been disabled (see attachment). Any clues?

Regards,
Dorjun Driver

Mod Edit: Topic "Folder Options Conundrum" merged with this topic for continuity purposes. ~ TMacK

Read other 10 answers

Am experiencing an annoying problem on my ThinkPad running XP Pro SP2. The system hung up while deleting old emails. I unplugged the ethernet cable and tried to close the window without success. Meanwhile a popup appeared warning I had "Worm.WIN32.NetSky." Couldn't access the Start menu or open Task Manager. Had to force a shutdown using the power button.

Started back up in Safe Mode and ran SUPERAntiSpyware which found and vaulted:
"worm.Agobot-WC" (x1)
"SMSS32.EXE" (x3)
While SUPERAntiSpyware was running, a popup purportedly from "IDS Software" warned it had detected "TROJANSPM/LX." I suspect this was fake but in a careless moment closed the popup by clicking "x" in its upper corner.

Now when rebooting, either in Safe Mode or normally, my usual desktop loads briefly and then the Welcome screen comes up. I've never booted to the Welcome screen before. Nor have I ever booted using a password. Clicking the "Administrator" log on icon went briefly to the desktop then back to the Welcome screen. But now only the "User" and not the "Administrator" log on icon appears on the Welcome screen.

Can't get past the Welcome screen except by CTRL-ALT-DEL to shutdown or by a suspicious looking "Turn Off Test" icon at the lower left on the Welcome screen, which brings up a shutdown menu box.

I've tried to make a boot repair using Recovery Console from the XP CD ... Read more

A:Worm.WIN32.NetSky

This topic has been split into its own topic, including a small bump here. Original was split from this topic in Windows XP Home and Pro. I have PM'd the member with a link to let them know.

Read other 2 answers

I would be happy to make a donation to your website if you could help.
I have downloaded hijack and ran it on my computer, is this what you need? What should I do next? Thank you very much for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:07 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


A:Worm.Win32.netsky, what next?

Read other 6 answers

hi everyone. my computer's been infected. i'm getting a message that tells me i'm infected with worm.win32.netsky. here are the symptoms my computer's exhibiting:
*after windows loads, i get a message that tells me i've been infected with worm.win32.netsky
*my desktop background has been changed to a message telling me "your system is infected"
*my computer has slowed down considerably
*my task manager has been disabled
*the task bar is displayed but nothing on it is clickable including access to the start menu
*i can't access the internet
*i can't load anything from a disc

one more problem - while i wouldn't say i'm computer illiterate, but i do speak computer at a 1st grade level. for example, i had to look up "task bar" just to be sure i was calling it the right thing. just a heads up there. any help would be appreciated.

thanks,
jim

Read other answers

hey i was here a couple months with a virus kinda the same, and i'm back again with another one i can't get rid of. windows says it's worm.win32.NetSky, it gives me pop-ups every 2 minutes saying to download crap. i have no idea how i got it because i didn't download anything for a while, probably my step dad.
i searched on forums for a quick fix to this but it doesn't look very simple, so i'll just post my hijack this log and i'm currently scanning with SUPERAntiSpyware so i'll post up what it says when it's done.

MSIE: Internet Explorer v7.00 (7.00.6000.16544)


A:worm.win32.NetSky

Read other 6 answers

I was looking at a video and it said it needed an active x codec installed to work. It was fake. It installed a worm.

Did anyone get this too? It has a biohazard symbol that it displays on the background of my computer instead of my standard XP background. It then says your privacy is in danger below it. It then has tons of pop-ups trying to get me different products that are for removing spyware, cleaning the PC, etc.

Windows security alert says "windows has detected an internet attact attempt Somebody's trying to infect your PzC with spyware or harmful viruses. Run Full system scan now to protect your pc from Internet attacts, hijacking attempts and spyware! Click here to download spyware remover for total protection."

I get another message from security alerts that says I have worm.win32.netsky

Here is my Hijack This log file

Logfile of HijackThis v1.99.1
Scan saved at 1:52:16 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


Read other answers

About 2 months ago, all the contacts on my hotmail account were deleted and I stopped receiving any emails in my hotmail account. Because of the lazy person I am, I ignored this, as I don't really use email.

Then today, whilst using my computer, it froze, then restarted. When it restarted, it reached the Windows XP loading screen with the moving bar in the middle of the screen and after about 3 seconds, the blue screen of death flashed up on the screen and went too quickly for me to read it, then the computer restarted again. The boot screen came up which says that Windows didn't start up properly last time, so I had the choice of running in safe mode etc. Last known good configuration and normal both resulted in the previous blue screen flashing up, that I mentioned.

Then I tried it in safe mode and after it loaded mup.sys, below that, it said 'press ESC to cancel. loading SPTD.sys'. I left it and the computer just restarted, but I didn't see the blue screen this time. When I loaded it in safe mode again, I pressed ESC to cancel the loading of SPTD.sys and safe mode booted. It asked if I wanted to use system restore, which I thought would be a good idea, so I pressed 'NO' to activate it and it told me that system restore had been disabled and to contact my system administrator.

Once I'd closed that, a window appeared, telling me that I had Worm.win32.NetSky. I googled this on another computer in the house and looked for ways to remove it, bu... Read more

Read other answers

Please help me get this off my pc, pop-ups keep popping up to tell me Worm.Win32.NetSky has been detected on my machine. Also my home page keeps redirecting to:
http://ucleaner.com/main.php?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

I read on other forums to get a log file from hijackthis. here is what I have. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:10 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


A:Help with Worm.Win32.NetSky

Can Anybody Help Me
 

Read other 2 answers