
Thread: Netsky.C worm, from Cashsite

  1. #1
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941

    Netsky.C worm, from Cashsite

    C:\Documents and Settings\Big Booger\Local Settings\Temporary Internet Files\Content.IE5\GFMRQ30D\update.zip - Win32/Netsky.C worm


    Cash, I think you have the netsky.C worm, but I could be mistaken.

    It was sent to me from your hotmail.. could be you, could be someone else (spoofed addy)

  2. #2
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    I reckon it's spoofed, but cash you better check and make sure

  3. #3
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    It's normally spoofed when the sender's name is not included in the e-mail.

  4. #4
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    I've seen it included before...and the person never sent it!! That's been going around a lot lately.

    This should help cash: Removal Tool

  5. #5
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Thx guys, I think it may have been spoofed, we all remember Phish's antics last week. But just to be sure I will scan with removal tool and do full system scan

    --- 0wN3D by 3gG ---

  6. #6
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    I ran the scan too just to be safe, and when I ran it, NOD32 suddenly popped up, and said I had the Nadia.B worm...

    I thought that was strange. So I ran the Symantec removal tool again, and again when it scanned the svchost.exe file in windows/system32/drivers.... Nod popped up again... so I was thinking damn, surely I don't have this nadia virus.. so for a third time I ran the tool, which came up empty all three times (even after I disabled sys restore), and I have determined that when the tool scans the files, NOD32 detects viral activities... strange!

  7. #7
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,406
    NOD might be checking for certain files activity and the removal tool might be stearing those files
    Just my 2 cents (pure guess)

  8. #8
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Quote Originally Posted by Dehcbad25
    NOD might be checking for certain files activity and the removal tool might be stearing those files
    Just my 2 cents (pure guess)
    Good Point Dehc, perhaps we should disable AV while doing a Fix, then re-enable afterwards, to try and minimise False Positives. Which BB seems to be getting lately. Well at least NOD is very active

    --- 0wN3D by 3gG ---

  9. #9
    Fred2
    Guest
    Quote Originally Posted by cash_site
    Good Point Dehc, perhaps we should disable AV while doing a Fix, then re-enable afterwards, to try and minimise False Positives. Which BB seems to be getting lately. Well at least NOD is very active
    Having used some of the FREE CLEANERS from the NOD32 site I know they recommend you disable all av when running the fixes.

  10. #10
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Ok Guys, spent last nite searching my comp and running all of Symantec's search&fix apps, and EVERYTHING returned clean. So I think I have a clean bill of health, err well at my comp does. This would lead us to believe that it was spoofed. thx.

    --- 0wN3D by 3gG ---

  11. #11
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    Unless that is all part of your MASTER PLAN cash!!

    Remember?, the one you were telling me...about infecting all of the PC's in the world?? Remember??


    j/k LOL

  12. #12
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Quote Originally Posted by SupaStar
    Unless that is all part of your MASTER PLAN cash!!

    Remember?, the one you were telling me...about infecting all of the PC's in the world?? Remember??


    j/k LOL
    Oh yeah, that plan... sorry Pinky, got so many plans to take over the world muhaha

    --- 0wN3D by 3gG ---

  13. #13
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    Quote Originally Posted by cash_site
    Oh yeah, that plan... sorry Pinky, got so many plans to take over the world muhaha
    Pinky? Is this an expression or is that Supa's real name?

  14. #14
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,732
    maybe it was spoofed from my address book.



  15. #15
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,732
    I remember when I got the anna k virus from a big ol' chunky lesbian at work and had to explain that one to the boss.


