English 
Worm.NetSky Worm.NetSky
By
GoldSparrow in 
Loading ...
Worm.NetSky Description
Worm.NetSky is a malicious worm that distributes itself as an email attachment. Once executed, Worm.NetSky will add itself to the Windows registry ensuring that it loads each time you turn on your computer. Worm.NetSky will scan your computer for email addresses and will email itself as an attachment to any email addresses found on your PC. Worm.NetSky will also create a backdoor on your PC, which will provide access of your system to remote attackers. Worm.NetSky shouldn’t remain on your system any longer.
Type: Spyware
Automatic Detection of Worm.NetSky
Worm.NetSky Technical Report
As new Worm.NetSky details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Worm.NetSky files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| domnftwmnf.dll | 278528 | cb19bd7db3ab7aa4b5494956a2b0a041 |
| domnftwtwl.dll | 249856 | a46f40029bc82a717f9447a8e86a0019 |
| domnftwqlv.dll | 278528 | 214b3964f69564440711dd7922f53430 |
| domnftwwrn.dll | 253952 | 00998d1acd26f250d66dbdea5831e942 |
| alxvdvm.dll | 217088 | 4120bae3a595dd0d42ad24c770e66be3 |
| bmlvqkn.dll | 270336 | e5f40ba2c8fde0abf26d4c7540bf4a7a |
Worm.NetSky has typically the following processes in memory:
- domnftwqlv.dll
- domnftwtwl.dll
Worm.NetSky creates the following registry entries:
- SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hjoqor
- 2CD50EED-0440-4D62-BAA2-03E8795A4BB9
- 8E7FF808-43C3-4D5F-AF01-29FD866BBA58
Important Article Disclaimer
This entry was posted
on 01/4/08 and is filed under Worms.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
