Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Win32.Netsky.Q popup with enable protection prompt

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts

I am new to this forum and website too. I am getting the similar popup mentioned in the forum below except the virus name is Win32.Netsky.Q


I am copying the description from that forum link and modifying the name

There is a pop up message saying "Security Center Alert"
To help protect your computer , Windows Firewall has blocked activity of harmful software.
Then there is a line seperation_______________
Then it says:Do You want to block this suspicious Software?
Name: Win32.Netsky.Q
Risk Level: High
Description: Win32.Netsky.Q is a Trojan program that records keystrokes and takes screen shots of the computer. Stealing personal financial Information.
Then it gives you three buttons to click on:
"Keep Blocking"(which is grayed out and you can't click on it anyway)
"Unblock" (which is also grayed out and you can't click on it)
"Enable Protection"()
Now back to the pop up...underneath the "buttons" it says the following:
Windows Firewall has detected unauthorized activity, but unfortunately it can not help you remove viruses. Keyloggers and other spyware threats that steal your personal information from your computer.
Next is an underlined link, it says:


I was trying to download some free ebook in pdf format and it rebooted my machine. I have disabled the internet connection (through wireless switch ) on that machine.

I have not clicked on that enable protection button yet. If i right click on the running application in task manager while that popup is showing up and choose go to process it goes to 'RealMon.exe'.

Can somebody provide me some manual removal instructions ? I am scared to start internet connection on that computer or run virus removal tools as that is my office computer.

  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Somehow the previous post got truncated. Now editing the same post.
Here are the steps i did to remove the Win32.nesky.Q

Did a search for all the files created on the day the machine got infected including search in system and hidden folders.

Deleted following files under various

C:\Documents and Settings\YOURUSERNAME\Application Data

rasim.exe ,sinashi.exe,xerks.exe,manol.exe,netsk.exe,kernell32.dll,
gdi32.dll, mjkdpl.dll,


Deleted syshost.exe from
and removed the
registry key for it

I had to reboot my computer in SAFE MODE as otherwsie I was not able to delete some of the files.

Please advice if i am still missing something.

That dialog box is NOT showing up now but I haven't started internet access on that machine yet. I will wait for some response before start using that computer in case i am still missing something.


Edited by VSharma, 14 December 2008 - 05:00 PM.
removed malware advice

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP