Favorite Set as home Contact Us
Google
Home | More Virus Remove Process...
Free antivirus software,Free antivirus,Trojan Removal Instructions,Spyware remove Instructions
      How to remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q
How to remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q
Author:W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q Hits: UpdateTime:2008-5-3 9:39:30

How to remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q

W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q remover

W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q removal process


For remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q virus,please clean/delete all W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q infected files and Delete/Modify any values W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q added to the registry as following:

W32/Netsky.ad@MM

Email-Worm.Win32.NetSky.q

W32.Netsky.P@mm 

I-Worm.NetSky.q

Del the register key as following

HKLM\SYSTEM\CurrentControlSet\Services\WksPatch
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\PINF
 HKCR\CLSID\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
[ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "Norton Antivirus AV" = %windir\fvprotect.exe
 
The worm also creates a file named userconfig9x.dll in the Windows directory, and files with the following names:
zipped.tmp 
base64.tmp
 zip1.tmp
 zip2.tmp
 zip3.tmp
These files are copies of the worm in UEE format and ZIP archives containing copies of the worm. Files within the archive will have names chosen from the following list:
document.txt.exe
 data.rtf.scr
 details.txt.pif
The worm creates a mutex, ""_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_", to flag its presence in the system.

Email-Worm.Win32.NetSky.q (Kaspersky Lab) is also known as: I-Worm.NetSky.q (Kaspersky Lab), W32/Netsky.ad@MM (McAfee),   W32.Netsky.P@mm (Symantec),   Win32.HLLM.Netsky.based (Doctor Web),   W32/Netsky-P (Sophos),   Win32/Netsky.P@mm (RAV),   WORM_NETSKY.P (Trend Micro),   Worm/NetSky.P.2 (H+BEDV),   W32/Netsky.P@mm (FRISK),   Win32:Netsky-P (ALWIL),   I-Worm/Netsky.Q (Grisoft),   Win32.Netsky.P@mm (SOFTWIN),   Worm.SomeFool.P-dll (ClamAV),   W32/Netsky.P.worm (Panda),   Win32/Netsky.Q (Eset) 

This worm spreads via the Internet as an attachment to infected messages. It is also able to propagate via P2P networks and accessible http and ftp directories.

The worm's main component is a PE EXE file of approximately 29KB. The worm is packed using FSG; the unpacked file is approximately 40KB in size.



For successful remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q virus,you may also need do as following:
1. Temporarily Disable System Restore .

2. Update the virus definitions. Reboot computer in SafeMode;

3. Delete the IE temp files,some W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q temp file exisit there.

4.If you failed to remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q,please go to our remove help forum:http://help.antiviruses123.com

End Of The Article How to remove W32/Netsky.ad@MM,Email-Worm.Win32.NetSky.q remove process
No correlative howtoremove
Sponsors
Hot Antivirus Article
Elite Antivirus Article
Contact Us
Copyright 2006-2007 Free Antivirus Program