Win32.Netsky.Q@mm
MEDIUM
LOW
28008 bytes (packed with Petite)
(W32/Netsky-Q)
Symptoms
- presence of the following files in Windows directory (%WINDIR%):
SysMonXP.exe
Firewalllogger.txt
- presence of the following entry
SysMonXP = %WINDIR%\SysMonXP.exe
in HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key
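The symptoms above can be checked with a short read-only PowerShell script. This is an added example, not BitDefender's removal tool; it assumes the 28008-byte size listed on this page refers to the SysMonXP.exe copy and that it runs in a 64-bit PowerShell session with rights to read HKLM.

```powershell
# Added example: read-only check for the Win32.Netsky.Q@mm symptoms listed on this page.
# It reports what it finds and does not delete or modify anything.
$windir     = $env:WINDIR
$runKey     = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName  = 'SysMonXP'
$fileNames  = 'SysMonXP.exe', 'Firewalllogger.txt'
$listedSize = 28008   # assumption: the size on the page is that of SysMonXP.exe

$findings = @()

# 1. Files dropped in %WINDIR%
foreach ($name in $fileNames) {
    $path = Join-Path $windir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item   = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $detail = "$($item.Length) bytes, modified $($item.LastWriteTime)"
        if ($name -eq 'SysMonXP.exe' -and $item.Length -eq $listedSize) {
            $detail += ', size matches the listed 28008 bytes'
        }
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = $detail }
    }
}

# 2. Autostart value under the Run key
$run = Get-ItemProperty -LiteralPath $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $data     = [string]$run.$valueName
    $expected = Join-Path $windir 'SysMonXP.exe'
    $detail   = "data: $data"
    # Expand %WINDIR% in the stored data before comparing with the expected path
    if ([Environment]::ExpandEnvironmentVariables($data).Trim('"') -ieq $expected) {
        $detail += ' (points at the worm copy in the Windows directory)'
    }
    $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\$valueName"; Detail = $detail }
}

# 3. Report
if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Netsky.Q symptoms were found on this host.'
} else {
    Write-Output "$($findings.Count) listed Netsky.Q symptom(s) found:"
    $findings | Format-List
}
```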
Removal instructions:
Automatic removal
Let BitDefender delete the infected files.
Analyzed By
Adrian Gostin, BitDefender Virus Researcher
Technical Description:
The worm sends itself as an e-mail attachment to addresses found on
the infected computer.
It copies itself to the Windows directory as SysMonXP.exe and drops
a DLL component, Firewalllogger.txt, in the same directory.
It then sets the following registry value so that it is executed each
time Windows starts up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysMonXP =
%WINDIR%\SysMonXP.exe
On 30/03/2004 it plays sounds of different tones and durations
through the computer speaker.