If you keep your antivirus up to date, and avoid opening attachments and running suspicious files, you will be relatively safe. Clearing infected machines is easiest with your updated antivirus tool. If you don't have one, you can use Symantec's Netsky removal tool www. B or Netsky. You can also use TrendMicro's Housecall housecall. If it does this while the system is infected, it may come back to re-infect later. Restart the computer in Safe Mode. C creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary.
Using Safe mode prevents Windows from loading drivers and auto run entries so your system boots relatively clean. Run a full system scan with an updated antivirus scanner or one of the online scanners mentioned above.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also: First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again. After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it. If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product. Note You need administrative rights to change the settings. X sends messages in several different languages: English, Swedish, Finnish, Polish, Norwegian, Portuguese, Italian, French, German and possibly the language of some small island called Turks and Caicos, located in the Atlantic ocean.
In many cases the messages are composed incorrectly, suggesting that the worm's author did not ask native speakers for translation or used an on-line translation service like Babel Fish. It looks like Netsky's author mistyped the domain suffix for Turkey - he put '. We came to that conclusion after verifying that the text that is sent to addresses in. Some of the worm's text strings are scrambled using the same algorithm as all the other variants. Upon execution NetSky.
X copies itself as FirewalSrv. Before spreading in email the worm collects email addresses. If any file with the following extensions is found, the worm opens it and searches for email addresses there:
EXE and .SCR files, hence actions such as copying or viewing files with Explorer, including on shares with write access, will result in files being infected, and the virus spreading from PC to PC. The virus injects its own code into a system process such as " explorer.
DLL: Thus, every time an infected process runs, so does the virus. When you open an HTML file, the browser connects to this server without you knowing. The HTML page hosted at this location attempts to exploit a number of different vulnerabilities (browser-based and program-specific) in order to run a copy of the virus.
The virus also modifies the local machine's Hosts file, redirecting the domain " zief. Allows backdoor access and control. Should this fail, it instead attempts to connect to " proxim.
It contains functionality to download and run files on your PC. This may include additional malware. The backdoor can also be used to change the host that it connects to for control. Analysis by Dan Kurc.