worm.win32.netsky detected on your machine. This virus is distributed via the internet through email and active-x objects

Posted on 2008-01-30
Medium Priority
Last Modified: 2013-12-09
My PC dislpays a security warning message worm.win32.netsky has been detected on your machine.  I have an up to date virus protection through norton, have gone to symantec.com for virus removal downloads
with no good results.  
Question by:tcox001

Expert Comment

ID: 20781773
What antivirus product are you using (might be a false positive)?

When you are using viral removal tools, always do from Safe Mode and disable System Restore.
LVL 20

Expert Comment

ID: 20781841
It may be Smitfraud, or one of the other "popular" malware variants around right now. Or like gambit 642 mentioned a FP.

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.


Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Author Comment

ID: 20782218
additional symptoms are: homepage has been redirected to spyware type of sight,  spyware protection icons added to desktop,flashing red circle with white x in system tray.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

LVL 20

Accepted Solution

IndiGenus earned 252 total points
ID: 20782424
Pretty much definitely Smitfraud.

Download SmitfraudFix (by S!Ri) to your Desktop.


Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

Post the Smitfraudfix log and a new HJT log.

Expert Comment

ID: 20782487
LOL, its an FP to get you to buy anti-virus software.

I noticed "elfwgps.dll" in your posted log

Read here:
LVL 47

Assisted Solution

rpggamergirl earned 248 total points
ID: 20783979
O21 - SSODL: bqxomdo - {46899515-201A-4B24-89F9-24A5A7B9FC12} - C:\WINDOWS\bqxomdo.dll
The above is an SDBot/IRCBot which SDFix should take care of.

Download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
If you are like me and like multiple layers of protection, read on!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question