Win32.Netsky.Q@mm

MEDIUM
LOW
28008 bytes (packed with Petite)
(W32/Netsky-Q)

Symptoms

- Presence of the following files in the Windows directory (%WINDIR%):
  SysMonXP.exe
  Firewalllogger.txt
- Presence of the following entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key:
  SysMonXP = %WINDIR%\SysMonXP.exe

Removal instructions:

Automatic removal
Let BitDefender delete the infected files.

Analyzed By

Adrian Gostin BitDefender Virus Researcher

Technical Description:

The worm sends itself as an e-mail attachment to addresses found on
the infected computer.

It copies itself to the Windows directory as SysMonXP.exe and drops
a DLL component, Firewalllogger.txt, in the same directory.
It then sets the following registry entry so that it is executed each
time Windows starts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysMonXP =
%WINDIR%\SysMonXP.exe
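
A read-only check for the indicators listed under Symptoms, as an added example that is not BitDefender's code. The function names Test-PeHeader and Get-NetskyQIndicator are hypothetical; the script also tests whether each file begins with the "MZ" signature of a PE image, since Firewalllogger.txt is described as a DLL component, and reports the file size for comparison with the 28008 bytes given above.

```powershell
# Added example: looks for the Win32.Netsky.Q@mm indicators named on this page.
# Read-only: it reports findings and changes nothing on the host.

function Test-PeHeader {
    # Returns $true when the file starts with 'MZ' (0x4D 0x5A), the magic of an EXE/DLL.
    param([Parameter(Mandatory)][string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buf  = New-Object byte[] 2
        $read = $stream.Read($buf, 0, 2)
        return ($read -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } finally {
        $stream.Dispose()
    }
}

function Get-NetskyQIndicator {
    # $WinDir defaults to the live system; pass a mounted image path for offline triage.
    param([string]$WinDir = $env:WINDIR)

    $runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $findings = @()

    # File indicators: the worm copy and the DLL component carrying a .txt extension.
    foreach ($name in 'SysMonXP.exe', 'Firewalllogger.txt') {
        $file = Join-Path $WinDir $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $item = Get-Item -LiteralPath $file -Force
            $findings += [pscustomobject]@{
                Indicator = $file
                Detail    = "size=$($item.Length) bytes, PE header=$(Test-PeHeader $file)"
            }
        }
    }

    # Persistence indicator: the SysMonXP value under the Run key of the local machine.
    $run = Get-ItemProperty -Path $runKey -Name 'SysMonXP' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{
            Indicator = "$runKey\SysMonXP"
            Detail    = "value=$($run.SysMonXP)"
        }
    }
    return $findings
}

$result = Get-NetskyQIndicator
if ($result) { $result | Format-List } else { 'No Netsky.Q indicators from this page found.' }
```

The registry lookup always reads the running system's hive, so when `-WinDir` points at a mounted image only the file results apply to that image.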

On 30/03/2004 it plays sounds of different tones and durations
through the computer speaker.