NETSKY.H loose

Discussion in 'NOD32 version 2 Forum' started by tempnexus, Mar 5, 2004.

  1. tempnexus (Registered Member; joined Apr 16, 2003; 280 posts)

    NetSky.H worm doesn't copy its files to shared folders.


    Installation to system

    When run, the worm installs itself to the system. It copies its file to the Windows folder as MAJA.EXE and creates a startup key for this file in the System Registry:


    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus" = "%windir%\maja.exe -antivirus service"

    where %windir% represents the Windows directory.

    The worm creates a mutex named "MI[SkyNet.cz]SystemsMutex" to avoid running more than one instance of itself.


    Spreading in e-mails

    NetSky.H worm has its own SMTP engine that it uses to send emails with infected attachments to all found e-mail addresses. The worm uses different subjects, message body texts and attachment names in its e-mails.
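
A check for the persistence entry described in the post above, as an added example that is not part of the original thread: it parses a text export of the registry and reports values under the HKLM Run key that match the "Antivirus" / maja.exe entry. The sample export, the function names and the "ExampleTray" value are constructed for illustration; a real `reg export` file is normally UTF-16 and must be decoded before it is passed in.

```python
import ntpath
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# "name"="value" string entry; both sides may contain \\ and \" escapes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample export (not a capture from an infected machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="C:\\WINDOWS\\maja.exe -antivirus service"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Antivirus"="C:\\WINDOWS\\maja.exe -antivirus service"
'''

def run_entries(export_text):
    # Yield (name, command) for string values directly under the HKLM Run key.
    section = None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == RUN_KEY:
            m = ENTRY.match(line)
            if m:  # undo the .reg escaping of backslashes and quotes
                yield tuple(re.sub(r"\\(.)", r"\1", g) for g in m.groups())

def executable(command):
    # First token of a command line, honouring a quoted path.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def netsky_h_hits(export_text):
    # Match on the image name and on the value name plus arguments separately,
    # so an entry still surfaces if only one of the two is present.
    hits = []
    for name, command in run_entries(export_text):
        reasons = []
        if ntpath.basename(executable(command)).lower() == "maja.exe":
            reasons.append("image name maja.exe")
        if name.lower() == "antivirus" and "-antivirus service" in command.lower():
            reasons.append('value "Antivirus" with "-antivirus service" arguments')
        if reasons:
            hits.append((name, command, reasons))
    return hits
```
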
     
  2. Stan999 (Registered Member; joined Sep 27, 2002; 566 posts; Fort Worth, TX USA)

    Good to see NOD has it covered.

    http://www.nod32.com/scriptless/support/info.htm

    NOD32 - v.1.654 (20040305)
    Win32/Netsky.H

    Received here US CST (GMT -06:00).

    Time   Module   Event   User
    3/5/2004 11:36:16 AM   Kernel   The virus signature database has been updated successfully to version 1.654 (20040305).   
     