(Email-Worm.Win32.NetSky.d, Win32/Netsky.D@mm, Win32.HLLM.Netsky, W32.Netsky.D@mm)
- Existence of a file winlogon.exe in the Windows (c:\\windows usually) directory with the size of 17424. (Warning! The winlogon.exe in the system directory - c:\\windows\\system32 usually - is part of the operating system! Deleting it can result in inability of booting the computer!)
- Existence of a value named "ICQ Net" in the registry in the key HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run with the value "%Windows%\\winlogon.exe -stealth", where %Windows% is the Windows installation directory (usually c:\\Windows).
- An intermittent beeping sound emitted by the computer if the date is March 2, 2004 and the time is between 6:00 AM and 9:00 AM.
Please let BitDefender delete the infected files.
Attila Balazs, virus researcher