Limewire virus?



#1
kunald

Hi guys, I've seen some threads similar to this one but I'm a newbie when it comes to getting rid of viruses so it didn't help me much. I'm not sure what to do; Limewire was saying I had hundreds of files for sharing in a folder named "complete" which I can't find, I can't open task manager and the system32 folder has vanished. I did a virus scan and it revealed over 10000 viruses in the said "complete" folder. It removed them, but task manager still won't open, the complete folder is still there and system 32 has gone too.

I've been trying everything I can and I can't get rid of this thing. I deleted some things with regedit such as winupdates, msmovies but nothing seems to be working. Here's my HijackThis log:

/////////////

Logfile of HijackThis v1.99.1
Scan saved at 19:15:02, on 17/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\blueyonder\PCguard\RPS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Kunal\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] c:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Hot Flash - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~1\HOTFLA~1\save.htm (file missing)
O9 - Extra 'Tools' menuitem: &Search SWF Files - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~1\HOTFLA~1\save.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127265068000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - 0 - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Any help would be appreciated as I don't know what else I can do anymore! Sorry if this is annoying, I'm a newbie to this and apologize if it is...
thanks


#2
Armodeluxe

Hi kunald,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now, under "select a target to scan", select My Computer.
  • This program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
kunald

Thanks for the reply. I couldn't post the whole text because it was over 20mb... I uploaded it to my website though and it can be found here: http://www.kunation.com/yes.txt

Here's part of it:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 22, 2005 13:27:05
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/10/2005
Kaspersky Anti-Virus database records: 155504
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 230520
Number of viruses found: 11
Number of infected objects: 103379
Number of suspicious objects: 0
Duration of the scan process: 31025 sec

C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Thu, 22 Jul 2004 1 ... /document_all.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Thu, 22 Jul 2004 13:18:34 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 2.5 RCVD_IN_DYNABLOCK ... /document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Fri, 23 Jul 2004 11:2 ... /msg_kunal.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Fri, 23 Jul 2004 11:26:48 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From aut ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:41:59 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From autolearn=n ... /[From 0.9 FROM_ENDS_IN_NUMS From: ends in numbers][Date Thu, 1 Jul 2004 16:27:22 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From autolearn=no version=2.63][Date Sun, 27 Jun 2004 14:24:39 -0500]/text Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar/./mail/spam Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/moo/backup-kunation.com-12-4-2004.tar Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\moo\backup-kunation.com-12-4-2004.tar.gz Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 18:31:39 +0800]/Informations.zip/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 18:31:39 +0800]/Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/Textfile.zip/Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/Textfile.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sa ... /Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNN ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:27:20 -0400]/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date S ... /Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From ... /[From 0.9 FROM_ENDS_IN_NUMS From: ends in numbers][Date Thu, 1 Jul 2004 16:27: ... /Details.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 ... /data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:41: ... /msg_kun.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_ ... /details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:42 ... /your_doc.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:42:01 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][D ... /Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 2 ... /Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[F ... /[From ... /document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[F ... /[From 0.9 FROM_ENDS_IN_NUMS From: ends in numbers][Date Thu, 1 Jul 2004 20:23: ... /msg_kun.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[F ... /[From 0.9 FROM_ENDS_IN_NUMS From: ends in numbers][Date Thu, 1 Jul 2004 20:23:31 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 20:08:14 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_R ... /document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 20:23:39 ... /text.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 20:23:39 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date ... /Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 ... /[From 1.4 DNS_FROM_RFCI_DSN RBL: From: sender listed in dsn.rfc-ignorant.org][Date Fri, 2 Jul 2004 10:35 ... /Textfile.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 ... /[From 1.4 DN ... /[From 0.3 ... /data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 ... /[From 1.4 DN ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 2 Jul 2004 ... /part_01_kunal.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 ... /[From 1.4 DN ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 2 Jul 2004 10:58:40 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 ... /[From 1.4 DNS_FROM_RFCI_DSN RBL: From: sender listed in dsn.rfc-ignorant.org][Date Fri, 2 Jul 2004 10:35:18 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -070 ... /[From 2.5 RCVD_IN_DYNABLO ... /data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -070 ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Thu, 22 Jul 2004 13:18:27 -0400]/data.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0 ... /[From Elisabeth Brown <return@workmiracle.com>][Date Sat, 10 Jul 2004 10:32:56 +0800]/html Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK ... /details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Thu, 22 Jul 2004 1 ... /document_all.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Thu, 22 Jul 2004 13:18:34 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK ... /document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Fri, 23 Jul 2004 11:2 ... /msg_kunal.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 ... /[From 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address][Date Fri, 23 Jul 2004 11:26:48 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAME ... /[From 0.3 NO_REAL_NAME From: does not include a real name][Date Thu, 1 Jul 2004 16:41:59 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From ... /[From 0.9 FROM_ENDS_IN_NUMS From: ends in numbers][Date Thu, 1 Jul 2004 16:27:22 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED/[From autolearn=no version=2.63][Date Sun, 27 Jun 2004 14:24:39 -0500]/text Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED/[From autolearn=no][Date Sat, 26 Jun 2004 07:55:57 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:25 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar/./mail/spam Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-6-13-2005.tar Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-6-13-2005.tar Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-8-10-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-8-10-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 18:31:39 +0800]/Informations.zip/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-8-10-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-8-10-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 18:31:39 +0800]/Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-8-10-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-8-10-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-8-10-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-8-10-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:26 +0800]/UNNAMED/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\Kunal\Desktop\New Folder (2)\backup-kunation.com-8-10-2004.tar.gz/C:/Documents and Settings/Kunal/Desktop/New Folder (2)/backup-kunation.com-8-10-2004.tar/./mail/spam/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Fri, 25 Jun 2004 22:19:2
  • 0

#4
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
I've got bad news for you: your backup folders are infected with other worms, and you will have to delete them. The originals on your site might be infected too; I can't know for sure.

Also empty the Norton quarantine folder; there's no reason to keep all those viruses.

Click Here to download Killbox by Option^Explicit.
*Double-click on Killbox.exe to start the program.
*In the Killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\oo.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\MsMovies\p.zip/Video.exe
C:\Program Files\MsMovies\p.zip
C:\Program Files\MsMovies\v.tmp
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\ab.exe
C:\WINDOWS\system32\win.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\msconfig.com


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [ms-update] scvhost.exe

Close HijackThis. If you get any prompts from Microsoft Antispyware, allow the changes.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Then delete these folders:

C:\Program Files\MsMovies
C:\Documents and Settings\Kunal\Complete

Reboot once more and post the resulting HijackThis log.
  • 0
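An added example, not part of the original post: the Killbox list above shows two masquerading patterns in system32, `.com` files named after real system tools (the default Windows `PATHEXT` lists `.COM` before `.EXE`, so the `.com` copy is tried first when a command is resolved by bare name) and near-miss names such as `scvhost.exe`. This Python sketch flags both in a file listing; the allowlist `KNOWN`, the distance threshold and all function names are assumptions made for the example.

```python
import ntpath

# Assumption: a short allowlist of genuine Windows XP system32 tools.
KNOWN = {"cmd", "netstat", "ping", "regedit", "tasklist", "taskkill",
         "taskmgr", "tracert", "msconfig", "svchost", "winlogon"}

# File names copied from the Killbox list in the post above.
SYS32 = "C:\\WINDOWS\\system32\\"
KILLBOX_LIST = [r"C:\oo.exe", r"C:\Program Files\MsMovies\MsMovies.exe",
    r"C:\Program Files\MsMovies\p.zip/Video.exe",
    r"C:\Program Files\MsMovies\p.zip",
    r"C:\Program Files\MsMovies\v.tmp"] + [SYS32 + n for n in (
    "winlogi.exe ab.exe win.exe scvhost.exe CMD.COM netstat.com ping.com "
    "regedit.com tasklist.com taskkill.com taskmgr.com tracert.com msconfig.com").split()]

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1): d[i][0] = i
    for j in range(len(b) + 1): d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i-1] != b[j-1]
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + cost)
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[len(a)][len(b)]

def classify(path):
    """Return (reason, genuine_name) for a suspicious system32 file, else None."""
    folder, name = ntpath.split(path.lower())
    if not folder.endswith("\\system32"):
        return None
    stem, ext = ntpath.splitext(name)
    if ext == ".com" and stem in KNOWN:          # shadows the real .exe
        return ("com-shadow", stem + ".exe")
    if ext == ".exe" and stem not in KNOWN:      # near-miss of a real name
        for real in sorted(KNOWN):
            if osa_distance(stem, real) <= max(1, len(real) // 4):
                return ("lookalike", real + ".exe")
    return None

def scan(paths):
    """Map each flagged path to its classification."""
    return {p: hit for p in paths if (hit := classify(p))}

if __name__ == "__main__":
    for path, (reason, real) in scan(KILLBOX_LIST).items():
        print(f"{reason:11} {path}  (imitates {real})")
```

Names such as `ab.exe` and `win.exe` match neither pattern, so a check like this supplements a scanner rather than replacing it.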