Plzzzzzzzzzzzzzz.Helpppppp

Discussion in 'malware problems & news' started by zantosx, Dec 13, 2008.

Thread Status:
Not open for further replies.
  1. zantosx

    zantosx Registered Member

    Joined:
    Jul 13, 2008
    Posts:
    34
    Last edited: Dec 13, 2008
  2. showtime33

    showtime33 Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    26
    Did you try this? Found on antivirus.about.com:

    Netsky.Q copies itself to the Windows directory as SysMonXP.exe and modifies the HKLM...\run key in order to launch when Windows is restarted:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SysMonXP = "C:\Windows\SysMonXP.exe"

    Netsky.Q email characteristics

    Subject:

    Deliver Mail
    Delivered Message
    Delivery
    Delivery Bot
    Delivery Error
    Delivery Failed
    Delivery Failure
    Error
    Failed
    Failure
    Mail Delivery failure
    Mail Delivery System
    Mail System
    Server Error
    Status
    Unknown Exception

    First part of body:

    Delivery Agent - Translation failed
    Delivery Failure - Invalid mail specification
    Mail Delivery - This mail couldn't be displayed
    Mail Delivery Error - This mail contains unicode characters
    Mail Delivery Failed - This mail couldn't be represented
    Mail Delivery Failure - This mail couldn't be shown.
    Mail Delivery System - This mail contains binary characters
    Mail Transaction Failed - This mail couldn't be converted

    Second part of body:

    Note: Received message has been sent as a binary file.
    Modified message has been sent as a binary attachment.
    Received message has been sent as an encoded attachment.
    Translated message has been attached.
    Message has been sent as a binary attachment.
    Received message has been attached.
    Partial message is available and has been sent as a binary attachment.
    The message has been sent as a binary attachment.

    Attachment name:

    data
    mail
    msg
    message

    The email attachment name will be followed by random numbers, and will have one of the following extensions: exe, pif, scr, or zip.

    Removing the worm

    As with any infection, the best removal can be accomplished using up-to-date antivirus software. To manually remove Netsky.Q, use the Windows Task Manager to stop the SysMonXP process, delete the value:

    SysMonXP = "C:\Windows\SysMonXP.exe"

    from the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    and delete SysMonXP.exe from the Windows directory.
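    A defender-side mail check built from the indicators in the post above (an added example, not code from the post or from antivirus.about.com): it tests a message against the canned subjects, body openers and attachment-name pattern listed there. The Message class and the two sample messages are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Indicator lists copied from the Netsky.Q description above.
SUBJECTS = {
    "Deliver Mail", "Delivered Message", "Delivery", "Delivery Bot",
    "Delivery Error", "Delivery Failed", "Delivery Failure", "Error",
    "Failed", "Failure", "Mail Delivery failure", "Mail Delivery System",
    "Mail System", "Server Error", "Status", "Unknown Exception",
}
BODY_OPENERS = (
    "Delivery Agent - Translation failed",
    "Delivery Failure - Invalid mail specification",
    "Mail Delivery - This mail couldn't be displayed",
    "Mail Delivery Error - This mail contains unicode characters",
    "Mail Delivery Failed - This mail couldn't be represented",
    "Mail Delivery Failure - This mail couldn't be shown.",
    "Mail Delivery System - This mail contains binary characters",
    "Mail Transaction Failed - This mail couldn't be converted",
)
# data/mail/msg/message followed by random digits and one of four extensions.
ATTACHMENT_RE = re.compile(r"^(?:data|mail|msg|message)\d+\.(?:exe|pif|scr|zip)$", re.I)


@dataclass
class Message:            # constructed, minimal stand-in for a parsed e-mail
    subject: str
    body: str
    attachments: list


def netsky_q_indicators(msg: Message) -> list:
    """Return the names of the Netsky.Q traits this message matches."""
    hits = []
    if msg.subject.strip() in SUBJECTS:
        hits.append("subject")
    first_line = msg.body.strip().splitlines()[0] if msg.body.strip() else ""
    if first_line.startswith(BODY_OPENERS):
        hits.append("body")
    if any(ATTACHMENT_RE.match(name) for name in msg.attachments):
        hits.append("attachment")
    return hits


def looks_like_netsky_q(msg: Message) -> bool:
    # The attachment pattern alone is a strong signal; otherwise require both the
    # canned subject and the canned body opener, so genuine bounces are not flagged.
    hits = netsky_q_indicators(msg)
    return "attachment" in hits or ("subject" in hits and "body" in hits)


# Constructed sample messages (not real captures).
WORM_SAMPLE = Message("Mail Delivery System",
                      "Mail Delivery System - This mail contains binary characters\n"
                      "Note: Received message has been sent as a binary file.",
                      ["message38421.pif"])
BOUNCE_SAMPLE = Message("Undelivered Mail Returned to Sender",
                        "This is the mail system at host mx.example.test.",
                        ["original_message.eml"])
```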
     
  3. zantosx

    zantosx Registered Member

    Okay, I searched but I can't find SysMonXP anywhere.
     
  4. Jaki

    Jaki Guest

    Look, what anti-malware application are you running?

    My advice to you is to run both Malwarebytes anti-malware and SuperAnti-Spyware and perform a full scan. In addition to that, also run Avira free as well as PC tools free antivirus.

    Now if these actions fail, try to download Avast free and perform a full "boot scan" after updating the program and its virus database. If by a very remote chance your problem is still not solved, grab your rescue CD or DVD and re-install Windows :D.

    After re-installing Windows, if you choose to, try to run your browser inside a sandbox like Sandboxie, please :mad:. By the way, the website where you uploaded your image (screenshot) was not a drive-by download, right? :ouch:

    Peace.
     
  5. zantosx

    zantosx Registered Member

    What do you mean, drive-by download? And I already did a scan with MBAM, still no success.
     
  6. Jaki

    Jaki Guest

    One more thing

    All the apps that I told you to use can handle Netsky with no problem. However, based upon your screenshot I think that you are using NOD32; to me at least, NOD32 is a joke. A hard drive could scream bloody murder against a malware and NOD32 would not be able to do s**t :p. Get rid of NOD32 first and install good software that can really protect you.

    Tell you what, get a good firewall like Outpost Firewall or Comodo Firewall with D+ and a good antivirus like the ones I mentioned in my previous post to you, and have peace of mind with Sandboxie.


    Peace.
     
  7. zantosx

    zantosx Registered Member

    WTH, NOD32 ain't good... wow, just tell me the quick solution to end this... first :doubt:
     
  8. Jaki

    Jaki Guest

  9. zantosx

    zantosx Registered Member

  10. Jaki

    Jaki Guest

    I just did, but I guess you won't listen. What about Avira, Avast, PC Tools free? By the way, you could also install a free trial of F-Secure or Dr.Web CureIt. You could download Dr.Web CureIt at: http://www.freedrweb.com/

    Try also Avira rescue CD that could be downloaded at:

    http://www.avira.com/en/company_news/rescue_cd_.html

    Try the F-Secure rescue CD at:

    http://www.f-secure.com/linux-weblog/2008/06/19/f-secure-rescue-cd-300-released/

    Man, get busy. Action, man, action. Stop arguing :mad: and start the war with Netsky and WIN.

    Peace.
     
  11. Jaki

    Jaki Guest

    Well then good luck to ya, see ya.

    Peace. :cool:
     
  12. zantosx

    zantosx Registered Member

    I will try that, man... hope it will work :ouch:
     
  13. Jaki

    Jaki Guest

    What you could also do is run your scans in safe mode. Also try the Kaspersky Rescue Disk at:

    http://www.raymond.cc/blog/archives...sk-to-clean-virus-without-booting-in-windows/

    Another strategy is to locate the malware file and upload it to VirusTotal for a scan. The result of such a scan will show all the available anti-virus programs that can detect the file and, hopefully, clean it. Who knows, NOD32 could be one of them :argh:, but I doubt it, of course. I hate NOD32; I used it before, thinking it was good. And all the Vundo family as well as their friends were laughing at me. :D

    Peace.
     
  14. zantosx

    zantosx Registered Member

    Okay, will try that, but what's the Vundo family? :blink:
     
  15. Jaki

    Jaki Guest

  16. Jaki

    Jaki Guest

    Hi zantosx,

    Based upon your screenshot I think you are infected by Win32.Netsky.Q. It is an e-mail worm that has been around since 2004. You probably got a tough variant. If not, most anti-virus programs will be able to handle it. Please check this out:

    From Computer Associates (CA)
    1) http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=38727

    From Kaspersky
    2) http://www.viruslist.com/en/viruses/encyclopedia?virusid=22760

    From Microsoft
    3) All the Netsky family's variants
    http://www.microsoft.com/security/portal/SearchResults.aspx?query=win32.netsky.q

    Microsoft also provides detailed, step-by-step manual instructions on how to remove the worm.
    http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Netsky.Q@mm

    Look further: NOD32 claims they can handle your worm :argh:
    Behold: http://www.virus-radar.com/stat_01_current/virus_0002_enu.html


    Besides, even ClamAV can handle it. There is a portable version of ClamAV located at:
    http://portableapps.com/apps/utilities/clamwin_portable

    Spyware Terminator can also handle it, since it has the ClamAV engine:
    http://www.spywareterminator.com/item/18067/Email--WormNetSkyq.html


    Peace and my job is done. I have helped you as far as I possibly can.
     
    Last edited by a moderator: Dec 13, 2008
  17. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,912
    Location:
    U.S.A.
    zantosx, it looks like you are in a similar situation as in your previous post, Serious Virus problem, and snowbound already gave you this link to seek further help there. I advise you to follow snowbound's suggestion.
     
  18. zantosx

    zantosx Registered Member

    Um, no, this is a different problem... I already tried that but it's not working... I did a scan but can't find anything... o_O
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    From the picture you showed, it is not Netsky.
    Looks like a Trojan Antivirus.
    Firewalls do not alert on specific infection types.
    From what I am reading at this forum, it is becoming more difficult to remove.

    Remove-Malware.com is a poster here. He uses many of the programs recommended to you in safe mode to clean people's computers.

    If the safe mode method isn't working, try a live rescue CD: Avira, Dr. Web, BitDefender, to name a few.

    If this doesn't work, then it may be a new strain with no signature, or an annoyance program which is not a virus/trojan.

    If, after a regular mode scan, a safe mode scan and an alternate OS/live CD scan, you are still having issues, you will have to seek help at a forum that allows log posting for malware issues. Wilders does not allow HJT logs. If you post a log, the Mods/admins will remove it, or post why and where to get help, and close the thread.

    You can post HiJackThis logs at this forum for help-->http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
    While waiting for help you can follow their Malware Removal and Prevention

    There are other forums helping with malware issues: Geeks to Go, Bleeping Computer, Gladiator Security Forum.
    Many times the prevention is much easier than the cure. (stolen from somebody's sig)

    In the future, you should have disaster recovery software like Paragon Drive Backup Express (free), Rollback RX or EAZFix, preferably from a clean, uninfected install.
    Maybe try surfing in a virtual environment when connected, like Returnil, Sandboxie, DeepFreeze, VMware Player + VMware Converter, or VirtualBox.
    This allows you to revert to a previous uninfected state if you get into trouble.

    Good luck and I hope you get this resolved.
     
  20. zantosx

    zantosx Registered Member

    Thanks a lot... I will do it as you say when I wake up tomorrow morning. You people are the best, to reply fast and help me.

    Karma for you all :)
     
  21. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Did this happen directly after the clean-up of the last infection over at Gladiators, or have you gone and got your system infected once again? I hope it's not the latter.

    http://gladiator-antivirus.com/forum/index.php?showtopic=80945

    My advice would be to continue over there in the above thread (yours) for further help.



    snowbound
     
  22. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    I doubt that you are using the infection-prone Internet Explorer? Are you using IE?

    And the major problem with computer users is that they don't use software to revert to a clean state.
     