Worm.Win32.Netsky Advanced Problems
Hi,
I have somehow managed to catch the "Worm.Win32.Netsky" virus/spyware on my computer. I have searched the internet and have found lots of forum entries about it but have had no luck.
PROBLEM:
When I first login to my user account on my computer I am shown the following error message:
Security alert
Security Warning!
Worm.Win32.Netsky detected on your machine.
This virus is distributed via the Internet through email and Active-x
objects.
The worm has its own smtp engine which means it gathers
emails from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System affected: Windows 2000, NT, ME, XP, Vista, 7
Secutiry Risk (0-5): 5
Recommendation: It is necessary to perform a system scan.
What else?
My desktop background changes to a plain blue or green colour with a large message in the middle saying "WARNING! Your computer is infected! You must run a spyware scan immediately".
In the bottom right hand corner next to my clock, a red circle with a large X in the middle is displayed which regularly "pops-up" reminding me of the issue and that I need to run a spyware scan - if I "click here" on the bubble, it takes me to a dodgy website to pay a fortune for anti-spyware software.
Solutions that I have tried and their outcomes:
1. Run an Anti-Virus scan
- Following a complete virus and spyware scan on my computer (about three hours!) it found nothing at all.
2. Run your system in Safe Mode
- Tried that one but it won't let me. When I select Safe Mode it comes up with a blue message saying that the computer had been shut down due to an error and I needed to try again. If the problem persists, run computer in safe mode. It then restarts and gives me the menu "You have not shut down your computer properly....." and it gives the options for continuing: start windows normally, start in safe mode, load last good configuration.
3. Try a System Restore
- When I click on the System Restore icon I am given an error message saying "System Restore has been disabled by Group Policy. To enable System Restore, contact your system administrator." - I am the system administrator!!
4. Go into Group Policy (Run > GPEDIT.MSC)
- Comes up with error message saying that the requested file cannot be found.
5. Go into Registry Editor (Run > regedit.exe)
- Have deleted "DisableSR" and "DisableSystemRestore" in appropriate place but when I click on System Restore Icon again, same message appears. When I go back into Registry Editor they are back again ("DisableSR" and "DisableSystemRestore").
6. Delete Temporary Files
- Deleted all temporary files from C:\Windows\Temp & C:\Documents and Settings\(USERNAME)\Local Settings\Temp. Restarted and didn't work.
7. Download "Fix it" software from various forums
- None removed it, uninstalled when unsuccessful.
8. Create a new user account and delete the affected one.
- Didn't work, just happened on new account too.
ADDITIONAL NOTES
Whenever I try to select something in the Control Panel, Notepad opens with a load of "gobble-de-gook".
I can access Command Prompt but the things that have been suggested to type in haven't worked either.
I have also had error messages for the following (don't know if that has anything to do with it?): "lsass.exe", "servicelayer.exe", and "ctfmon.exe"
I'm at my wits end! Please help if you can suggest any other ideas!!
Thank you!
This discussion has been closed.
Comments
My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.
I would like to get a better look at your system, please do the following so I can get some more detailed logs
Download DDS
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1
Link2
Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
GMER:
Download GMER Rootkit Scanner from here or here.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
:information and logs:
In your next post I need the following
1. logs from DDS
2. log from GMER
3. let me know of any problems you may have had
Gringo
three day bump
It has been three days since my last post.
Gringo
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead