Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

worm.win32.netsky has attacked my computer!


  • Please log in to reply

#1
grfloyd

grfloyd

    New Member

  • Member
  • Pip
  • 3 posts
Hi, it looks like my computer has recently been infected with worm.win32.netsky. At least that's what the initial warning when I try to start it up says, I'm assuming that it's not a fake warning. It causes numerous popups and other windows security alerts that all try to route me to buying some software to clean it up. I'm guessing that those ARE fake. I haven't been able to follow any of the existing threads because this worm is stopping me from doing simple processes like accessing registry's, add/remove options and even accessing the internet. Any help on removing this from my computer would be greatly greatly appreciated! Thanks.

grfloyd
  • 0

Advertisements


#2
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • 0

#3
grfloyd

grfloyd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for your response. The problem with me downloading anything is that the virus will not allow me to access any websites except the malware website that it directs me to. It says that the website can not be loaded because it contains malicious material. Is their either A) A way around this so that I can get on the internet or B) A program that I can download to an external hardrive that I can move over manually? (I have another computer that is working fine.)

Thanks,

grfloyd
  • 0

#4
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Do you have access to a clean computer to download files to and then transfer them across?
  • 0

#5
grfloyd

grfloyd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
yes, I've just had some problems when I was trying to do that. However, I am no professional so I was probably doing something wrong. I will try putting them on my external and transfering them. Where should I go to download this?
  • 0

#6
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
If you can get to another computer then this would work for downloading the files, you can put them on a cd or memory stick and then transfer them to the desktop of the infected computer.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP