W32/NetSky.b@mm

Discussion in 'malware problems & news' started by rudders, Mar 21, 2004.

Thread Status:
Not open for further replies.
  1. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    oh Gawd , i don`t know where to start - "at the beginning you fool" , i hear you cry :p ok then <you sitting comfortably> then i shall begin

    Tried to set-up a web-site (a free one) McAfee comes up with warning W32/NetSky.b@mm - i click delete (like any normal person would) no problem for the rest of the time on my pc that night .... Next morning i think - i know , i`ll run my Trojan "hunt & destroy" thingy majig :p 93% of my PC Scanned , no problems found but it crashes (deep joy) so i reboot , gets to the final bit of loading-up - McAfee comes up with warning i had the previous night - so i finks "i`ve got nowt on for the next couple of hours , i`ll do a Full Scan" less than a minute in it`s finding this trojan ( NetSky) it sempt to be associated with every god`damn file - i`m clicking the delete button like a Good`un at this point .... it crashes "flippin eck" i say . I reboot AGAIN ! , same bloody Virus Warning keeps coming up ........" I Know" i sez to meslf, i`ll go on the web and come on here for help - i clicks on the Explorer short-cut button , nothing ... sweet F A ! :mad: ...... to cut a very long & boring story short , i get the W32/NetSky Problem sorted ( i think) PC is still playing up tho - various short-cut keys aint working , PC Crashes Again , i reboot AGAIN ! ...... new problem appears , once it`s fully rebooted and i`ve clicked out of Safe Mode , CorrectConnect has disappeared from Start-up, only to be replaced by Golden Palace.Com "what in the name of sweet jesus is THAT" i sez . so i trawls through my pc in the usual places. looking . Add/Remove Programmes being the first port of Call , two progs in their that i knew nothing about , Golden Casino & CasProg - the latter one of the two being the crux of my problems i`m thinking . Golden Casino .. Remove ... Gone (phew) CasProg ... Remove .. Dos Box appears for bout 1/2sec goes way ....... CasProg still their (bugger) . PC still running like a pig , still can`t get onto the net via usual methods , and everytime i either have to reboot or start my pc this Golden Palace .Com thing loads-up

    Rudders , in serious need of some help :'(
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    rudders,

    I'll take it you disabled System Restore before cleaning up?

    Anyway, please follow these instructions and post results in the same sub forum.

    regards.

    paul
     
  3. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    I'll take it you disabled System Restore before cleaning up?

    i did indeed, sir

    i`m having trouble with links , everytime i click on them my pc freezes up :'(
     
  4. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    Virtually all sorted now , just need to get-rid of CasProg from my add/remove Programmes bit now - Add-aware stopped enough from it loading-up on reboots , but as i said earlier , that CasProg thing still needs sorting .. think i have all the info on how do it (famous last bloody words :p )

    Cheers , Rudders
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi rudders :)

    U could always follow the instructions here,

    http://www.wilderssecurity.com/showthread.php?t=15913

    then one of the HijackThis experts will advise u on removing any remaining malware from your system.


    snowbound
     
  6. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    yeah , done all that matey , but CasProg still sits in my Add/Remove Programme thing :doubt:

    followed all the instructions from This Site but to no avail :'( still need to remove c:\windows\system32\uninst_cp.exe .. How would i go about that then :rolleyes:
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    rudders,

    No such thread under your name shows up over there?

    regards.

    paul
     
  8. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    over where , Paul . You`ve totally lost me bud :doubt:
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Posting a HJT log, as recommended in my first reply above (click the link!) ;)

    regards.

    paul
     
  10. rudders

    rudders Registered Member

    Joined:
    Mar 1, 2004
    Posts:
    10
    ahhh , i`m with you chap :D

    thing is , got all bloody excited when Add-ware got rid of the bulk of the problem , i forgot :oops: .. d`you want me to post it here ? the Hijack thing i mean :rolleyes:
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    rudders,

    In case you still encounter problems and want one of the specialists having a look at it, possibly helping you out: by all means. Please post over in the "Adware...etc" forum.

    regards.

    paul
     
  12. JCooke

    JCooke Guest

    I just went through my MSCONFIG and disabled a bunch of crap i didnt see before. After i rebooted, it popped up a CMD window running C:\WINDOWS\SYSTEM32\cp_uninstall.exe or something like that (im not certain on the exact filename). It then said "CasProg successfully removed". I had no clue what that was, so i searched on google and found this thread. I also had the same thing with that golden palace stuff but as you said, Add/Remove gets rid of it. Anyways, so far so good. That CasProg crap is gone as far as i know. Hopefully this helps :)

    Regards,
    Jon Cooke
     
Thread Status:
Not open for further replies.