Worm.NetSky.T

From Wiki-Security, the free encyclopedia of computer security

Worm.NetSky.T Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

Worm.NetSky.T is an email worm, and a very dangerous one. Infection rates of Worm.NetSky.T are low but persistent and have been for several years. These continuing infections are the strange relic of a huge war between virus creators, which wreaked havoc on PCs all over the world and had PC security companies scrambling to keep up. 

Worm.NetSky.T Indicators and Activity

Although the history of Worm.NetSky.T is fascinating, first let's look at what Worm.NetSky.T does and what it looks like on an infected computer. For anyone whose computer is infected, this is much more pressing. Worm.NetSky.T is a virus that propagates through spam email and affects Windows 2000, Windows 2003, and Windows XP. (Windows 2000 is for businesses, and Windows 2003 is for servers. So PCs are vulnerable if they run XP.) On an infected computer, Worm.NetSky.T will alter the registry to allow itself to run on startup. It has two processes that run in Windows for the sake of redundancy – if you kill one process, the other process picks up where the other one left off. This is done in order to make Worm.NetSky.T very hard to remove or stop.

Once Worm.NetSky.T starts running, it will scan every drive on the computer from C:/ onwards, with the exception of optical drives. This scan looks for a certain set of file extensions, which are potentially useful to Worm.NetSky.T because they are capable of containing email addresses. Worm.NetSky.T will then use its own email engine and those addresses to send spam, with an attachment containing an executable file that contains a copy of the worm. The emails that Worm.NetSky.T sends use subject lines and content that is pieced together at random, using a few string arrays and taking a string from each. In other words, it's sort of like email Mad Libs – there are a few categories with different prewritten options in them, and Worm.NetSky.T takes one thing from each category and sticks them together. The subject lines and the email text are very generic things about looking at documents, and sending documents, with a few “thank you” and "approved" and "hello" variations added to it. If the recipient of one of these emails opens the attachment, the recipient's computer will become infected with Worm.NetSky.T, which will then propagate from the recipient's computer as well.

The threat that Worm.NetSky.T poses to the infected computer is that, in addition to its spam operations, it opens a backdoor. Worm.NetSky.T is reported to listen in on port 6789, and, therefore, does present a risk to anyone with any private or personal information on the infected system. However, since the creator of the worm was caught and convicted years ago, it is unclear whether anyone is actually listening to what Worm.NetSky.T is accessing through backdoors. 

History of Worm.NetSky.T

Worm.NetSky.T has a very bizarre history, and has been a very high-profile virus for a while. In 2004, there was a huge, sudden proliferation of worm-type viruses, particularly in the first half of the year. The three worms that were very common and doing a lot of damage were variations on Bagle, Mydoom, and NetSky. The creators of these three worms got into a war for possession of the most computers, for the highest rate of infection. The creators of Bagle and NetSky, in particular, seemed to be at war with each other, releasing new versions so often that anti-virus software companies all over the world were panicking and sometimes unable to keep up. For a short period of time, NetSky was even creating a botnet that was launching denial of service attacks on certain websites. Huge numbers of computers were infected, and Microsoft announced that it was offering a $250,000 reward to anyone who provided details leading to the identification of the creator of NetSky.

NetSky's worms up through Worm.NetSky.S were programmed to remove Bagle WORM from any computer they found it on, and included a hidden message of a single line of text taunting the creator of Bagle. Worm.NetSky.T was the first version of Worm.NetSky that did not remove Bagle, and it includes a message that indicates that the war between the two worm creators is over. Although it was released in April 2004, Worm.NetSky.T continues to infect computers to this day, giving it an extraordinary lifespan among viruses.

As it turns out, the reason that the war between NetSky and Bagle ended is that NetSky's creator went on to create an even worse and more destructive virus, the Sasser worm. Very shortly after the release of the Sasser worm, in May of 2004, the programmer of NetSky and Sasser was identified and caught.  He was Sven Jaschan, an eighteen-year-old German boy who was attending computer science school. He had bragged to his friends about having created the viruses, and ultimately confessed to the authorities that he had programmed NetSky and Sasser. He had to be tried as a minor, since he had created the viruses before he turned eighteen. Jaschan, as a teenager, had single-handedly created the viruses that caused 70% of all infections in the first half of 2004. He said he wished to drum up business for his parents' PC support and repair business.
 
Worm.NetSky.T is the vestige of this bizarre saga. While NetSky variants no longer present the urgent, panic-inducing threat that they once did, Worm.NetSky.T is still a virus, still causing infections, and still something that needs to be treated with caution and removed quickly.

To check your computer for Worm.NetSky.T, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Worm.NetSky.T and other threats. If you detect the presence of Worm.NetSky.T on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Worm.NetSky.T.

Contents

Detection of Worm.NetSky.T (Recommended)

Worm.NetSky.T is difficult to detect and remove. Worm.NetSky.T is not likely to be removed through a convenient "uninstall" feature. Worm.NetSky.T, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Worm.NetSky.T and other spyware, adware, trojans and viruses on your computer.

Run a Worm.NetSky.T scan/check to successfully detect all Worm.NetSky.T files with the SpyHunter Spyware Detection Tool. If you wish to remove Worm.NetSky.T, you can either purchase the SpyHunter spyware removal tool to remove Worm.NetSky.T or follow the Worm.NetSky.T manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Worm.NetSky.T. Worm.NetSky.T can come bundled with shareware or other downloadable software.

Another method of distributing Worm.NetSky.T involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Worm.NetSky.T on your system. Worm.NetSky.T installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Worm.NetSky.T, use this SpyHunter Spyware dectection tool to detect Worm.NetSky.T and other common Spyware infections. After detection of Worm.NetSky.T, the next advised step is to remove Worm.NetSky.T with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Worm.NetSky.T may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Worm.NetSky.T from your computer.

Remedies and Prevention

Worm.NetSky.T, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Worm.NetSky.T along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Worm.NetSky.T, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Worm.NetSky.T and other types of spyware.

Remove Worm.NetSky.T manually

Another method to remove Worm.NetSky.T is to manually delete Worm.NetSky.T files in your system. Detect and remove the following Worm.NetSky.T files:

Processes

  • EasyAV.exe

Other Files

  • EasyAV
  • approved_file7.pif
  • e-mail3.pif
  • secound_document4.pif

External links

PC Infected

If your computer is running slow, or making excessive popups, you may be infected with Spyware. Wiki-Security recommends,

Start SpyHunter's Spyware Scan.Click here



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Worm.NetSky.T or its creators in any way. This website does not advocate the actions or behavior of Worm.NetSky.T and its creators. Our objective is to provide Internet users with the know-how to detect and remove Worm.NetSky.T and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Worm.NetSky.T in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation