worm.win32.netsky detected on your machine. This virus is distributed via the internet through email and active-x objects

My PC dislpays a security warning message worm.win32.netsky has been detected on your machine.  I have an up to date virus protection through norton, have gone to symantec.com for virus removal downloads
with no good results.  
tcox001Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gambit_642Commented:
What antivirus product are you using (might be a false positive)?

When you are using viral removal tools, always do from Safe Mode and disable System Restore.
0
IndiGenusCommented:
It may be Smitfraud, or one of the other "popular" malware variants around right now. Or like gambit 642 mentioned a FP.

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
tcox001Author Commented:
additional symptoms are: homepage has been redirected to spyware type of sight,  spyware protection icons added to desktop,flashing red circle with white x in system tray.
hijackthis.log
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

IndiGenusCommented:
Pretty much definitely Smitfraud.

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

Post the Smitfraudfix log and a new HJT log.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gambit_642Commented:
LOL, its an FP to get you to buy anti-virus software.

I noticed "elfwgps.dll" in your posted log

Read here:
http://removal-tool.blogspot.com/2008/01/elfwgps-toolbar-removal-tool-remove.html
0
rpggamergirlCommented:
O21 - SSODL: bqxomdo - {46899515-201A-4B24-89F9-24A5A7B9FC12} - C:\WINDOWS\bqxomdo.dll
The above is an SDBot/IRCBot which SDFix should take care of.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.