NETSKY.H loose

Discussion in 'NOD32 version 2 Forum' started by tempnexus, Mar 5, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Apr 16, 2003
    NetSky.H worm doesn't copy its files to shared folders.

    Installation to system

    When run, the worm installs itself to system. It copies its file to Windows folder as MAJA.EXE and creates a startup key for this file in System Registry:

    "Antivirus" = "%windir%\maja.exe -antivirus service"

    where %windir% represents Windows directory.

    The worm creates a mutex named "MI[]SystemsMutex" to avoid running more than one instance of itself.

    Spreading in e-mails

    NetSky.H worm has its own SMTP engine that it uses to send emails with infected attachments to all found e-mail addresses. The worm uses different subjects, message body texts and attachment names in its e-mails.
  2. Stan999

    Stan999 Registered Member

    Sep 27, 2002
    Fort Worth, TX USA
    Good to see NOD has it covered.

    NOD32 - v.1.654 (20040305)

    Received here US CST (GMT -06:00).

    Time   Module   Event   User
    3/5/2004 11:36:16 AM   Kernel   The virus signature database has been updated successfully to version 1.654 (20040305).   
Thread Status:
Not open for further replies.