
Posted: Tue Jan 27, 2004 6:28 am
by Toby B.
Just a friendly reminder..............

Update your Anti-virus program ASAP

I got socked with at least one trojan and at least one worm. ... .a@mm.html

That is what I have tracked down thus far on my PC...........

Posted: Tue Jan 27, 2004 3:58 pm
Thanks, just got it one hour ago. Luckily I had updated Norton this morning, so no harm done. But I would like to know how the sender has my email address. I know that it's a mass mailer, so I could be on someone's address book. I never got to open the attachment as Norton deleted it beforehand.

Posted: Sat Jan 31, 2004 8:51 pm
Just some small tips on detection and removal of the Mydoom A and B variants ... p#whattodo

Posted: Sat Feb 07, 2004 4:06 pm
by Tau

Posted: Fri Feb 13, 2004 2:41 am
by Big Jake
I'm using SpyBot, Ad-Aware and F-PROT and Zone Alarm.

See the current issue of PC MAG for a decent discussion of the issue.



Posted: Sat Feb 14, 2004 11:45 pm
by poundu1
Pent 1 100mgz 1 gig hd NEC laptop.
Using Norton SysWorks 2002. It detected and removed NYB. However, I can't tell that it's gone, as msd is still showing strange things like progs named pyright, ??? and others named with ASCII text.
Also there is a folder (system) with no name in Explorer that I cannot move, delete, etc.


Posted: Wed Feb 18, 2004 5:49 pm
by peta_byte
oops double post.. would a mod please delete ?

Re: NetSky.B

Posted: Wed Feb 18, 2004 6:19 pm
by peta_byte
poundu1, we discussed at length about your NYB.. for the most part you seemed to ignore our suggestions.. I mentioned a few ideas in that thread about backing up some of the data.. but in the end, you have to bite the bullet and kill the partition and fdisk /mbr it..

now there's a new virus on the loose.. the AV definitions are only just coming out. I'll post 3 of the major AV vendors' links.. but note that AVG also has recognised the existence.. I'm not sure if they've released definitions.

NetSky.B (Mass mailing worm..) ... tskyb.html ... ky@mm.html

removal tool : ... .tool.html

Norton beta definition : ... nload.html

some quoted info from Symantec :

"Creates a mutex named "AdmSkynetJKIS003." This mutex allows only one instance of the worm to execute in memory."

Deletes the values:


from the registry keys:


Deletes the values:


from the registry key:


Deletes the registry key:


one guy infected himself and reported this : (pm me for source if needed)

After you start the file that's inside the zip file you will get a popup

The file could not be opened!

It will copy itself to %systemroot% (usually c:\winnt or c:\windows) as services.exe.
The Run registrykey is used to make it startup after a reboot.

The key added will be:
service: REG_SZ: C:\WINNT\services.exe -serv

It will also drop about 40 zip files with varying names (listed below) and sizes between 22130 and 22150 bytes. These are probably copies of itself.

I'm not sure but it also looks like it opens 2 tcp ports (2701 & 2702). I could not verify if these actually belonged to the virus as fport.exe doesn't seem to work on this machine.

zip files:

yet Symantec's list of attachments is different, so there might be a family of them..

Attachment: The attachment is one of the following,
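
The host indicators reported in the post above (a Run value launching services.exe from %systemroot%, a cluster of zip files of 22130 to 22150 bytes, and possibly TCP ports 2701 and 2702) can be checked with a small triage script. This is an added example, not part of the original thread; the function names, the cluster threshold of 10 and the sample data are assumptions made for illustration.

```python
import ntpath

# Indicators as reported in the thread above; the port numbers were unconfirmed.
ZIP_SIZES = range(22130, 22151)      # dropped zips: 22130..22150 bytes
REPORTED_PORTS = {2701, 2702}
ZIP_CLUSTER_MIN = 10                 # assumed threshold; the report says "about 40"

def run_value_suspicious(data, systemroot):
    """True if a Run value starts services.exe directly from %systemroot%.
    The genuine Windows services.exe lives in %systemroot%\\system32."""
    end = data.lower().find(".exe")
    if end == -1:
        return False
    exe = ntpath.normcase(ntpath.normpath(data[:end + 4].strip('" ')))
    return (ntpath.basename(exe) == "services.exe"
            and ntpath.dirname(exe) == ntpath.normcase(ntpath.normpath(systemroot)))

def triage(run_values, files, listening, systemroot=r"C:\WINNT"):
    """Return a list of (kind, detail) findings from already-collected host data."""
    findings = []
    for name, data in run_values.items():
        if run_value_suspicious(data, systemroot):
            findings.append(("run-key", f"{name} = {data}"))
    zips = [p for p, size in files
            if p.lower().endswith(".zip") and size in ZIP_SIZES]
    if len(zips) >= ZIP_CLUSTER_MIN:
        findings.append(("zip-cluster", f"{len(zips)} zips of 22130-22150 bytes"))
    ports = sorted(REPORTED_PORTS & set(listening))
    if ports:
        findings.append(("port", f"listening on {ports} (weak signal)"))
    return findings

# Constructed sample data, not taken from a real host.
SAMPLE_RUN = {
    "service": r"C:\WINNT\services.exe -serv",
    "SystemTray": r"C:\WINNT\system32\systray.exe",
}
SAMPLE_FILES = [(rf"C:\WINNT\sample{i}.zip", 22130 + i) for i in range(12)]
SAMPLE_FILES.append((r"C:\backup\photos.zip", 5_000_000))
SAMPLE_PORTS = [135, 445, 2701]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_RUN, SAMPLE_FILES, SAMPLE_PORTS):
        print(f"{kind:12} {detail}")
```

The Run-key check is the strongest of the three signals; the port match on its own should not be treated as proof, since the original reporter could not tie the ports to the worm.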

Help with virus

Posted: Tue Apr 20, 2004 2:24 pm
by dougall
Trying to help a friend who has a PC with no anti-virus software. About 10 days ago he began to have problems where his internet connection was being dropped a few minutes after logging on, typically between 5 and 15 mins.

I have managed to run Spybot with latest defs, but after installing Norton Antivirus I could not keep the connection up long enough for the latest updates to download. The stuff I removed with Spybot didn't help the problem, and Norton could only scan with out-of-date virus definitions and found nothing.

Is this problem likely to be a virus? If so, how can I get the latest Norton Antivirus definition files from my laptop to their PC (ie. what to copy and where?) if that is an option.

Any ideas, or am I barking up the wrong tree? Is it perhaps, just a noisy phone line on their 56k modem connection?

Appreciate any input

Posted: Tue Apr 20, 2004 3:22 pm
by Denniss
Just look at the links on the first post in this thread!

Directs you to a manual definitions update at Symantec - use the 7MB download and burn it onto CD and execute it on the other PC - another good free Virus-Scanner/Killer