Summary

| Affected operating systems | Windows |
|---|---|
| Protection available since | 27 April 2004 05:53:01 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
SkynetsRevenge = <WINDOWS>\winlogon.scr
and delete it if it exists.
Close the registry editor.
More Information
W32/Netsky-AA is a mass mailing worm. When started, the worm copies itself to the Windows folder under the name winlogon.scr and sets the following registry entry so that it starts automatically at user logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
SkynetsRevenge = <WINDOWS>\winlogon.scr
W32/Netsky-AA will harvest email addresses from files on any fixed drives with the following extensions:
EML TXT PHP CFG MBX MDX ASP WAB DOC VBS RTF UIN SHTM CGI DHTM ADB TBB DBX PL HTM HTML SHT OFT MSG ODS STM XLS JSP WSH XML MHT MMF NCH PPT
The subject lines and message texts are constructed randomly from the following building blocks:
Subject Lines:
Re: Document
Re: Approved
Re: Text
Re: Thank you!
Re: Details
Re: Photos
Re: Private
Re: Information
Re: Hi
Re: Hello
Re: Summary
Re: Step by Step
Re: Music
Re: Application
Re: Tel. Numbers
Re: List
Re: Text file
Re: Paint file
Re: Contacts
Re: e-Books
Re: Bill
Re: Error
Re: Missed
Re: Letter
Re: Product
Re: Website
Re: Movie
Re: Presentation
Re: Advice
Re: Fax number
Re: Cheaper
Re: War
Re: Demo
Re: Final
Re: Poster
Re: Patch
Re: Pricelist
Re: Job
Message Texts:
For furher details see the attached file.
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
Please take the attached file.
See the attached file for details.
Please view the attached file.
Here is the file.
Your document is attached.
Attachment names:
Your_Job.pif
Your_Pricelist.pif
Your_Patch.pif
Your_Poster.pif
Your_Final_Document.pif
Your_Demo.pif
Osam_Bin_Laden_Articel_42.pif
Your_Product_List.pif
My_Fax_Numbers.pif
My_Advice.pif
Your_Presentation.pif
Your_Movie.pif
Your_Website.pif
Your_Product.pif
Your_Letter.pif
Your_Excel_Document.pif
Your_Error.pif
Your_Bill.pif
Your_E-Books.pif
Your_Contacts.pif
Your_Paint_File.pif
Your_Text_File.pif
Your_List.pif
My_Telephone_Numbers.pif
Your_Software.pif
Your_Music.pif
Your_Description.pif
Your_Summary.pif
Your_Digicam_Pictures.pif
Your_Information.pif
Your_Private_Document.pif
Your_Pics.pif
Your_Details.pif
Your_Document_Part3.pif
Your_Text.pif
Your_Document.pif
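
The mail traits listed above can be turned into a gateway-side check. The following Python sketch is an added example, not part of the original description and not Sophos detection logic; the function names, the verdict policy and the sample addresses are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Message-text building blocks from the description ("furher" is the worm's typo).
MESSAGE_TEXTS = (
    "For furher details see the attached file.", "Your file is attached.",
    "Please read the attached file.", "Please have a look at the attached file.",
    "Please take the attached file.", "See the attached file for details.",
    "Please view the attached file.", "Here is the file.",
    "Your document is attached.",
)
# Every listed attachment ends in .pif; all but one begin with Your_ or My_.
LISTED_NAME = re.compile(
    r"^(?:(?:Your|My)_[\w-]+|Osam_Bin_Laden_Articel_42)\.pif$", re.IGNORECASE)


def score_message(raw: bytes) -> dict:
    """Report which mail traits from the description a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    hits = {
        "re_subject": subject.startswith("Re: "),
        "known_body": any(text in body for text in MESSAGE_TEXTS),
        "pif_attachment": any(n.lower().endswith(".pif") for n in names),
        "listed_name": any(LISTED_NAME.match(n) for n in names),
    }
    # Assumed policy (not from the page): a .pif plus any other trait is
    # quarantined, a lone .pif is held for review, anything else passes.
    others = hits["re_subject"] + hits["known_body"] + hits["listed_name"]
    if hits["pif_attachment"]:
        hits["verdict"] = "quarantine" if others else "review"
    else:
        hits["verdict"] = "pass"
    return hits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test mail; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A "Re: " subject or a short body on its own matches a great deal of legitimate mail, which is why the sketch only acts when a .pif attachment is present.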
