Win32.Netsky.Q popup with enable protection prompt



#1
VSharma
Hi

I am new to this forum and website too. I am getting a popup similar to the one mentioned in the forum thread below, except the virus name is Win32.Netsky.Q

http://www.geekstogo...-Q-t220644.html.

I am copying the description from that forum link and modifying the name.

-------------------------
There is a pop up message saying "Security Center Alert"
To help protect your computer, Windows Firewall has blocked activity of harmful software.
Then there is a line separation_______________
Then it says: Do You want to block this suspicious Software?
Name: Win32.Netsky.Q
Risk Level: High
Description: Win32.Netsky.Q is a Trojan program that records keystrokes and takes screen shots of the computer. Stealing personal financial Information.
Then it gives you three buttons to click on:
"Keep Blocking"(which is grayed out and you can't click on it anyway)
"Unblock" (which is also grayed out and you can't click on it)
"Enable Protection"()
Now back to the pop up...underneath the "buttons" it says the following:
Windows Firewall has detected unauthorized activity, but unfortunately it can not help you remove viruses. Keyloggers and other spyware threats that steal your personal information from your computer.
Next is an underlined link, it says:

--------------------

I was trying to download some free ebook in PDF format and it rebooted my machine. I have disabled the internet connection (through the wireless switch) on that machine.

I have not clicked on that enable protection button yet. If I right-click on the running application in Task Manager while that popup is showing up and choose "Go to Process", it goes to 'RealMon.exe'.

Can somebody provide me some manual removal instructions? I am scared to start the internet connection on that computer or run virus removal tools as that is my office computer.

Thanks,
Vikas
  • 0



#2
VSharma
Somehow the previous post got truncated. Now editing the same post.
Here are the steps I did to remove the Win32.Netsky.Q

Did a search for all the files created on the day the machine got infected including search in system and hidden folders.

1. Deleted the following files under various C:\Documents and Settings\YOURUSERNAME\Application Data folders:

   rasim.exe, sinashi.exe, xerks.exe, manol.exe, netsk.exe, kernell32.dll, gdi32.dll, mjkdpl.dll, fhexj68259.exe.

2. Deleted syshost.exe from C:\Windows\System32\drivers and removed the registry key for it under
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   and
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

I had to reboot my computer in SAFE MODE as otherwise I was not able to delete some of the files.


Please advise if I am still missing something.

That dialog box is NOT showing up now but I haven't started internet access on that machine yet. I will wait for some response before I start using that computer in case I am still missing something.

Thanks,
Vikas

Edited by VSharma, 14 December 2008 - 05:00 PM.
removed malware advice

  • 0
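
A read-only way to re-check the locations named in the post above, as an added example that is not part of the original thread: it lists every value in the two Run keys and the files under Application Data created on a given day, flagging the file names the post reports. The parameter and variable names are assumptions of this example, the infection date has to be supplied because the post does not give it, and the script deletes nothing.

```powershell
# Added example: read-only audit of the locations named in the post. Deletes nothing.
param(
    # Assumption: the day the machine was infected (not stated in the post).
    [datetime]$InfectionDate = (Get-Date).Date,
    # Per-user folder from the post
    # (C:\Documents and Settings\YOURUSERNAME\Application Data on Windows XP).
    [string]$AppData = $env:APPDATA
)

# File names copied from the post.
$reported = 'rasim.exe','sinashi.exe','xerks.exe','manol.exe','netsk.exe',
            'kernell32.dll','gdi32.dll','mjkdpl.dll','fhexj68259.exe',
            'syshost.exe','RealMon.exe'

$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# 1. Every autostart value in both Run keys, flagged when its command line
#    references one of the reported file names.
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $hit = $reported | Where-Object { $command -like "*$_*" }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command; Reported = [bool]$hit
        }
    }
}

# 2. Files under Application Data (hidden and system files included) that were
#    created on the infection date or carry a reported name.
$files = Get-ChildItem -Path $AppData -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
        ($_.CreationTime.Date -eq $InfectionDate.Date -or $reported -contains $_.Name) }

# 3. The driver-folder copy of syshost.exe mentioned in step 2 of the post.
$syshost = Join-Path $env:SystemRoot 'System32\drivers\syshost.exe'

'--- Run key entries ---'
$autostarts | Format-Table Reported, Name, Command, Key -AutoSize -Wrap
'--- Application Data files ---'
$files | Select-Object FullName, CreationTime, Length | Format-Table -AutoSize
'--- syshost.exe still present in drivers folder: {0}' -f (Test-Path $syshost)
```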





