netsky.p

Discussion in 'WormGuard' started by jimsbairn, May 24, 2004.

Thread Status:
Not open for further replies.
  1. jimsbairn

    jimsbairn Registered Member

    Joined:
    May 24, 2004
    Posts:
    3
    Was just referred to yoru forum from TechGuy. For the first time I find there is the above worm in my computer. Problem is I dont know what that means or how to rectify it. Antivir states that the infected files ( in archives) will not be either deleted or repaired.
    How do I find out what files are infected?
    My computer has repeatedly blacked out today or given that "fatal error" page. Need help! NOt very savvy on these things.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello Jim and welcome!
    As Antivir says they are in archives, chances the nasty is not alive and running yet but more or less "safe" for the moment.
    Did Antivir also tell you in which files they are? The stuff can come in many ways on your system, even embedded in emails without attachments, and Netsky can come in other ways too.
    Hence the need of a good firewall.
    But now there are a few things to do and to know:

    Which windows version do you run? XP?
    And besides Antivir, which other security do you have, which firewall, do you have WormGuard and / or TDS installed?
    I need a few things at the same time in fact
    Need to know about the Antivir alarms, which files and exactly where they are on your system.

    I don't want you to reboot as little as possible till we're sure it's ok.
    If you have TDS installed already you could do a full system scan with that with the latest updates.
    But if you don't have TDS installed yet, wait a moment with that, as you would have to reboot after installing before you can use it properly.
    Same with WormGuard. WormGuard will block lots of nasties and scripts to avoid them executing, TDS in the full registered version has a same kind of blocking, be it on other files.
    So if you can tell about these finds and your system, we go from there.
    Further to be sure if no other damage has been done and nothing illegally has installed on your system, i would like you to make a HijackThis log.
    https://www.wilderssecurity.com/showthread.php?t=15913
    It's explained in Step 2 in this posting.

    If we're sure there is nothing hiding in the startup and if necessary you're cleansed, you could get the free evaluation version of TDS from the site www.diamondcs.com.au - install it, get back to the site to get the latest update for the radius (definitions) and just drop that file in the TDS directory, reboot if you didn't do already after installing TDS, start TDS, and let it do a complete full system scan with all scan options checked, while you close as many other unnecessary programs at the time and find yourself something to do off the PC for a while as it takes some time.
    Very important is during such a scan all other anti-virus/anti-trojan programs are closed (WormGuard is not necessary, but your Antivir and others yes please) so TDS can get to every file there is.
    At the end, in the bottom console you might get alarms. with the mouse rightclick on one of the alarma, choose "save to text" after which you'll get the scandump.txt opening for you, which text you can add to your next posting.
    Even if all the other things from where Antivir found them and a clean HijackThis log i still would like you to take all these steps to be absolutely sure you're as clean as brand new!
    There might be nothing wrong yet, and that's how it should stay!

    Looking forward to your next postings!
     
  3. jimsbairn

    jimsbairn Registered Member

    Joined:
    May 24, 2004
    Posts:
    3
    Ah, Jooske: If you only knew how many times I have had to reboot already, you would weep! :)
    I do know my computer was clean yesterday because I ran antivir, the cleaner and skybot and all came out ok.
    I have windows 98se and my son has windows xp. We have it on an inhome network and we also have an exterior firewall Linksys 2.4 GHz. I do not know what TDS is, please enlighten me.
    My husband joined a neighbourhood group in the last week and I have received a lot of emails from them. Dont know for sure but I think they may be the culprit.
     
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, jimsbairn

    TDS is an Anti-Trojan hunter and Stopper made by DiamondCS [and will also stop some specific worms, trojan dialers and lots more]

    You can go to their home page Here:- DiamondCS Products Home Page

    Mass of Infomation on TDS Fourum.
    DiamondCS TDS Forum Here:- DiamondCS TDS Forum


    Hope this is of some help.
    TheQuest :cool:
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.P
    A good description and removal instruction here.
    The thing can come in via email, among others or maybe with downloaded files. Is the other system clean, so is it only taking place on your own system?

    I'd suggest you download TDS (Trojan Defence Suite) as described above. Since you rebooted so many times already no problem anymore, after installing back to the page to get the latest radius update which file you just download and drop into the TDS directory, reboot if you hadn't done so after the install and start TDS.
    Let it do it's initial tests.
    Now see System Test > Scan Control, check there all the scan options (NTFS will not be possible for your W98 system, but it might accept it for other drives in the network, not sure); leave that control open for a moment and in the upper left TDS > Edit Files > Scans > Fulls System Scan.txt you might like something like this
    System Files CRC32
    Live Process Files
    Live Process Memory Space
    Memory Objects
    Memory Mutexes
    Registry & File Traces
    Services & Drivers (NT\2K)
    Scan All Logical Drives

    (look in the list in the scan control for the exact names, this is why i had you keeping it open for a moment :) ) This list above works for me, so you can add the lines you miss in your file.
    This will scan the whole network if possible including the drives on your son's system if you can get access to that, not his system's memory though: for that he needs it installed on his own system too.
    You've 30 days to test it out if you like it and to protect you (if you go back daily to the site for a new radius update, drop it in, restart TDS)

    Now before you press the menu option for the Full system Scan i really must ask you to close your other anti-virus scanners completely, also their resident protection etc., so TDS has full access to all files.
    Also other unnecessary programs and browsers just close them to give TDS all bandwidth to speed up the scanning process. Now step away from your computer to do something nice, walk the dog, go to sleep, cook a dinner, whatever as it can take a while.
    When it's ready in the bottom console you might get alerts for infections, suspicious files, double extensions, positive alerts, etc.
    Now please keep that window up, with your mouse rightclick on one of the finds, a little menu pops up where you choose for "save to text file" which is named Scandump.txt in your TDS directory.
    You will get this on screen, a normal notepad text it is; i would like you to copy all that text and paste it in your next posting for us to look with you and advice you further.

    The black screens -- is that because of errors, or maybe the system could need more memory? Doesn't the screen come back after waiting a few seconds?
     
Thread Status:
Not open for further replies.