  1. #1
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Virus Query: Worm.NetSky.q

    Is this the correct forum for this question? If not, I'd be happy to post it in the correct place. Wasn't sure.

    OS Windows XP; Outlook Express 6

    The issue: for the past week, I've been receiving mysterious email messages. Some are returned messages not delivered because they apparently had a virus (to addresses I've never sent anything to!) and some, like the most recent today, are from a program that says it discovered a virus (I-Worm.NetSky.q) in a message from us (again, to an unknown recipient) and are letting us know as a courtesy.

    We have Norton AntiVirus installed and it updates our virus definitions regularly. I never open attachments without first scanning for viruses and I turn off the Preview pane, as per Woody, before opening messages in our inbox. Could we still be infected?

    I did go to the Norton site first, to learn more about this worm, but the directions were so technical and so confusing, I fled back here! Is there some simple (i.e., not too technical) way for me to check to see if we somehow have this virus or are all these messages some sort of spam? And, next, if we are infected, can you help me with how to remove it, again in a less technical way?

    This is making me very nervous. We have never been infected before!

    Hopefully,

    Linda

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Linda,

    Have you tried to go to the Symantec on line security check and run both Security and Virus Check from there? It's free and will check for trojans and other possible infections on your PC.

    Click on: SECURITY
    BOB


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Re: Virus Query: Worm.NetSky.q

    Bob,

    I had done so in the past, but decided to go ahead and run them again (thanks for the link). Security was no problem (it said I had all the computer protection in place), but the Virus Scan can't seem to get past "downloading virus detection. Please wait." (that's only part of the message). I waited over half an hour and the actual scan never started. Can you suggest what I've done wrong?

    Linda

    PS Just received another returned email that I didn't ever send!

  4. #4
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Hi Linda,
    Don't know why the Virus check didn't DL in full, but sometimes it's just an overload on the Symantec site. Also disable any pop up stoppers you may have on and try again.

    Some decent info on that particular worm can be seen at: Netsky

    You can just google on that worm name and there is a ton of responses. There are also some worm killers listed there to try.
    It does look like a nasty one.
    BOB

  5. #5
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Re: Virus Query: Worm.NetSky.q

    Thanks, Bob. Never thought of overload. Will try once again and let you know.

    Here's something interesting now that I'm rechecking. Most of the weird or returned messages have Canadian addresses (i.e., end in .ca). I do communicate with people there. Is it possible one of them has a virus and it has picked up our address from the infected Canadian computer and is sending itself out using our address? And that we are fine (as I thought), but this other computer has caused the weird stuff to happen? I find it hard to believe that something is in this computer as all our protections are and have been up to date!

    Just a thought. I'm still going to run the Virus Check and see for sure.

    Linda

  6. #6
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Linda,
    -------------------------------------------
    Is it possible one of them has a virus and it has picked up our address from the infected Canadian computer and is sending itself out using our address? And that we are fine
    ------------------------------------------

    Yes, very possible that's the case. There have been many cases of email addresses being hijacked and used as improper return names. I'm not sure just what can be done about that. I know I have had incoming messages with MY address on them, coming from phoney locations. This was an attempt to bypass my Spam filter, but I was able to write a rule on my filter to block them also.
    What Spam filter are you using?
    BOB

  7. #7
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Linda,

    One more thing, if you want to try a decent TrojanWorm Remover, go to: Killer
    to download a free 30 day trial version. Easy to use and quick.
    BOB

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Virus Query: Worm.NetSky.q

    This is a new form of spam! Antivirus gateways around the web politely inform you that you sent an infected message. But of course, YOU didn't send it, and you're not infected, but you have to deal with all these useless messages. Corporate IT types are increasing the pressure to disable this "feature," so this might all go away in the middle-term future. Until then, unless you recognize that you sent the message, treat it as spam.

  9. #9
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Virus Query: Worm.NetSky.q

    I agree with Jefferson here. I've gotten a couple of those same returned e-mails and at first suspected address harvesting by a worm (a Netsky variant to be precise). Checking the properties of the mail and the content of the text raised my suspicions. It's too sophisticated for a worm to do and too convoluted to be real. Then the concept became clear.......... it's second-hand SPAM!! They have found a way around the filters and are trying to use human nature and curiosity to get us to open their junk now!!!
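
Added example, not part of any post in this thread: one way to do the "check the properties of the mail" step mechanically is to read the headers a bounce quotes back and compare the IP recorded by the first relay with the networks your own mail leaves from. The sample bounce, the addresses and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; every name and IP is a documentation value.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.ca
Subject: Virus found in message you sent
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from mx.example.ca ([198.51.100.10]) by mail.example.ca
Received: from unknownhost ([203.0.113.77]) by mx.example.ca
From: linda@example.com

--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce_text):
    """Headers of the original message that the bounce quotes, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def origin_ip(original):
    """IP recorded by the first relay: the bottom-most Received line with one."""
    for hop in reversed(original.get_all("Received", [])):
        m = IP_RE.search(str(hop))
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def classify(bounce_text, my_networks):
    """Compare the origin IP with the networks our own mail leaves from."""
    original = returned_headers(bounce_text)
    ip = origin_ip(original) if original is not None else None
    if ip is None:
        return "unknown"
    mine = any(ip in ipaddress.ip_network(n) for n in my_networks)
    return "sent-from-us" if mine else "spoofed-backscatter"
```

Received lines below the first relay you trust can be forged by the sender, so read the result as a hint rather than proof.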

  10. #10
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Re: Virus Query: Worm.NetSky.q

    (Edited by IreneLinda on 31-Mar-04 16:54. PS re. antispam software)

    Thanks to all of you. Sounds as if my suspicions are correct. I will continue to be especially careful checking e-mail and just delete (after blocking sender) all those fake messages. Fun, eh?!

    Bob - I'll also check out that site for the free trial remover software. Thanks for the link.

    PS Bob - I'm not sure what spam filter I have. I just have Norton Anti-Virus installed + the MS firewall that comes with Windows XP.

    Linda

  11. #11
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Linda,
    If that's all you have, then you don't have ANY Spam filter at all.
    I'm using "emousetrap" and have been getting 100% filtering of Spam. It sits in front of OE and intercepts all emails, sends a request for confirmation immediately back to the sender (if it's an address that's NOT on your authorized list). Since almost all of the Spam junk is automated, there is no way for the spam machine to reply, so that message gets blocked and deleted. When you first set it up, it will import the addresses from your address book and make them authorized at once. All authorized mail goes right to your inbox right away.
    It's a great relief to open the inbox and only see legit mail.

    You can get a 30 free trial or buy it for $19.95 US at EMOUSETRAP
    BOB

  12. #12
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Re: Virus Query: Worm.NetSky.q

    First, thanks, Bob, for the link. I will check it out for trial and purchase.

    Next, another plea for guidance: finally set up our new (and first) laptop. It has Windows XP, but I downloaded NO patches, thinking I'd wait until Windows SP2 comes out to save time and frustration. I connected to the Internet to check email perhaps 3 times over the space of a month, disconnected each time, came back yesterday to find a big warning from Norton on the screen saying the machine was infected with Blaster!

    Help! Is this possible so quickly? I was feeling so smug about avoiding it on our desktop, but now realize that was probably true because I'd dutifully applied patches from the MS Update or Security sites!! Accordingly, I didn't keep all the emails we'd been sent about removing it.

    I followed the Norton link for instructions, but they are so complex. I wondered if anyone here could direct me to simpler (for a non-technical type) set of instructions. Or should I just print out all Norton's and try to work through them - very slowly?

    Guess my last question is: could the message be a mistake? (she inquired hopefully!)

  13. #13
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    If you're sure the message is in fact the result of a Norton scan, then you are probably infected. In that case, you can find the removal tool and instructions here. One of the effects of Blaster is the inability to maintain an internet connection - i.e. your browser shuts down. To keep a connection long enough to be able to download the tool, follow this procedure (quoted from Symantec):
    Click Start > Run. (The Run dialog box appears.)
    Type: SERVICES.MSC /S in the open line, and then click OK. (The Services window opens.)
    In the right pane, locate the Remote Procedure Call (RPC) service.
    [Another] service named Remote Procedure Call (RPC) Locator exists. Do not confuse the two.
    Right-click the Remote Procedure Call (RPC) service, and then click Properties.
    Click the Recovery tab.
    Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service." [Normally, this is set to Restart the Computer]
    Click Apply, and then click OK.

    Now you should be able to maintain your connection. DON'T FORGET to reset the RPC service to "Restart the Computer" after you have completed all of the steps to remove the worm.
    It is also very important to disable System Restore before running the tool. After you are satisfied that you have removed Blaster, then turn on System Restore again.
    As a final step, update your system with at least the "Critical" patches offered on the Windows Update site.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  14. #14
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Query: Worm.NetSky.q

    Hi Linda,
    That Spam prog is a good one. Hope it goes OK for you. ( don't see why not )

    That POSSIBLE worm: I say that only because it only takes one shot to install the worm on a system. But my question to you is: How did you get that message from Norton? Was it after a virus scan or did you get some sort of email message stating that? If it was an email, I would tend to think it's a hoax, since Norton doesn't send alerts to individual users and it has no way to detect it that way at any rate.
    If it was after a virus scan, then I would think it was real.

    If you download the file that Rebel links you to, you can remove the Blaster with it. Just DL it and run it. It will scan your system and if it detects a worm it will isolate it or remove it for you.

    So far as the patches go, get them and install them ASAP. An unpatched system is wide open to many different security problems!!

    Guidelines for internet security are:
    A software ( or ) hardware firewall.
    An anti virus program installed AND kept up to date with the latest virus definitions.
    A good Spam blocker
    Anti Spyware programs like SpyBot S&R & AdAware, Both.

    I know it sounds like a lot of things to have on your system, but it seems to be a necessity these days.
    BOB

  15. #15
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,231
    Thanks
    40
    Thanked 3 Times in 3 Posts

    Re: Virus Query: Worm.NetSky.q

    Bob and John,

    Thank you both very much. I did a virus scan to ensure the Blaster was there - and it was. Thanks to John's additional instructions and the link to the removal tool, I have just cleansed the worm from the laptop! Phew. Also reset everything as John (and Symantec) recommended.

    Then, just when I was going to come back here to report and ask if I have to get all those patches, I saw your message, Bob, and realize that should be my next step. Question: Should I just go to the Windows Update site and start patching or is there a better way?

    Oh, have loaded trial of MouseTrap and will see how it works over the next few days. Sure was easy to do. Thanks.

    Feeling much better and less wormy,

    Linda
