Worm.NetSky info needed. How do I recover?

I've got this worm. What to do?

I'm now at a new computer...it took a few days of additional worms and trojans before it finally crashed last night.
I have too much stuff saved on the old one, and email was infected...
My emails must be all over cyberland....
Virus...the end to it all.

Thanks for saving someone else:hug:
peace~

Specially the ones that download other viruses.
That sucks about your computer. :( :hug:
I hope this fix helps the OP.

W32.Netsky@mm Removal Tool could not detect this. Likewise for McAfee's tools.

Malwarebytes' Anti-Malware tool worked in safe mode start-up using Administrator. It takes a while to find all the files thereafter, by using date-sorted searches of My Computer.


Worm.Win32.NetSky is what the warning prompt said. The enemy is a set of files

..\Windows\system\smss32.exe. Identify when that was written and
..\system32\41exe The user of moment may have a file
..\LocalSettings\Temp\dqtphx.exe. I would also search for and delete other files with the same time stamp, like
..\IS15.exe and
..18467.exe

This thing turns off the Windows Firewall. McAfee had to "block future changes." Stay offline and in Safe Mode until you recover.

Finally, to make it work after restart out of Safe Mode, I had to delete prefetch files written by the above .exe files. They have the same names as prefixes and matching time stamps. Sort My Documents by date and find any other changes that match the date.

Finally, empty the trash and restart in Safe Mode. Watch the tray to see if the worm loads before your security program.

So now FireFox says Facebook is a restricted site by my security settings.

first thing to do. I got AVG antivirus and Comodo Firewall (both free versions) and I may just go all the way Comodo in the future but the AVG Free seems to do the trick pretty good. People tend to go with the free-trial time on McAfee or Norton when they get a new computer and I don't know about McAfee but Norton was a major pain in the @$$ and not completely reliable when I last had it.

Somehow, this got past the protection, but it was stopped from using its own STMP engine to propagate.

I went back into my system as Administrator and seriously clamped down on Internet Explorer Options there, basically not letting that browser do anything unless required to open.

If anyone has advice on this thing, add it here to be found by anyone who has the same thing hit them.

use avast!, malware bytes, and install the hosts file from http://hostsfile.mine.nu/