TechSpot

Swapped Netski for Trojan

By Maurice
Jun 8, 2004
Topic Status:
Not open for further replies.
  1. Yes, lucky me, [again!] I got the Netski Q, yesterday, it caught me unawares, I had been getting attachments from a friend, but not able to access, due to the fact that my loaned laptop, [yes, mine is still away for repair, 11 weeks now] is set up that way, by my [huh!] repairer so that I didn't get any viruses,...... was he ever wrong!, this email with attachment arrived, the address of the sender was one in my address book.
    So, thinking that they, [the sender] had found a way to get round my inability to open attachments, I clicked on the paperclip, & was confronted with a WinZip file to download, & bingo, I had a large blue & red window telling me that I had the Netski Q!
    My AVG anti virus was unable to delete it, so I went on Google & got Bit Defender to delete it, but the Trojan rode in on the download.
    So there it is, I swapped one evil for another, & again the AVG couldn't delete this one either, after the scan, it said "send to vault?" I clicked "yes", but it stated once again, that it couldn't be removed.

    Couldn't get much info about Trojans, what danger am I in with this particular one, & how the heck do I get rid of it, without getting another in its place?

    Incidentally, glad the site was able to get back on line, well done! it just proves that we are all vulnerable, small & large.
    Maurice
  2. Nodsu

    Nodsu TS Rookie Posts: 9,431

    You didn't get anything. AVP blocked your access. The trojan is still sitting in the zip file waiting for you to execute it. As long as you don't tell your AV software to ignore the virus you will be unable to execute the file and get infected. Just delete the infected message.

    And for god's sake, didn't you read the thing? Or do your friends have a habit of writing generic messages that look like samples out of "Virus writing for Dummies".
  3. Maurice

    Maurice Banned Topic Starter Posts: 653

    Hey, hey, less of the "for god's sake", Nodsu, & the inference that I'm a dummy!!, I had a confrontation with someone else on the site a little while back for their almost brutal reaction, who monitors Chancellors for their abrasiveness??

    Let me explain again, normally I am on guard against attachments but the worm used an address from my address book. That person had been forwarding LOTS of jokes to me recently, & I explained to them that my PC had been set up not to access attachments, by the person loaning it to me.
    So when I got a message apparently from them, saying "protected message attached" I thought, here we go again, & clicked the link, ["paperclip"] fully expecting it not to work, but it did, [why??] so when I saw the WinZip window, I thought that they had found a way round my PC block, so I continued, & you know the result.........why do I get the feeling that I am repeating myself here?

    As to the trojan, [named as "PSW KEYLOG J" incidentally] I did ask you to tell me please, what damage will it do??, how will it affect the running of my PC, & what do you mean by "just delete the infected message", remembering, as I've said in the past, that I'm of another generation, & need measured, patient answers, thank you.
    I will tell my AV to ignore the virus, is that what you're saying?, only it seems that some statements contradict others.

    Anyone else want to come in on this please?....be gentle with me!
    Maurice [the "old guy"]
  4. Nodsu

    Nodsu TS Rookie Posts: 9,431

    Your AV did not tell you that you have Netski Q. It told you that you were trying to open a file containing Netski Q. Unless you told in the AV window that you don't care and want to open the file anyway (do any AVs actually allow this nowadays) nothing happened. The Netski is sitting in the email you received. I'm sure that deleting an email from your inbox is not that difficult.

    As for the trojan, it can't be deleted because it's running. You should reboot into safe mode (tap F8 before Windows startup) and run the AV scan again. The purpose of a keylogger is to log your keystrokes and steal passwords this way.
  5. Maurice

    Maurice Banned Topic Starter Posts: 653

    When I did a "deep scan" with my anti-virus [AVG], it took about 13 minutes, & searched 17,000 odd bytes, & detected the netski worm. I have the print-out of the test result in front of me at this moment, it reads;08/06/2004 07.32; "C\_RESTORE\TEMP\A0086191.CPY; Virus identified I-Worm/Netski Q" Status; still infected
    On the same sheet; "C;\HOLIST~1.DLL; Trojan horse PSW.Keylog J; healed OK" [yes, I couldn't understand that either, see later]
    This is the exact wording on this one. After I got on to "Bit Defender", & d/loaded a file to delete the Netsky, re-booting, as they instructed, I then ran the AVG again, & it stated that the trojan was still there, but made no mention of the Netsky, as it would have if it had still been there, so I can only assume that the file d/load wiped it.

    This SEEMS to make sense to me, but again I might be missing the point somewhere. Now when I run the deep scan again, it says "unable to remove file", referring to the Trojan.
    Why are these things so b++++y complicated??
  6. Godataloss

    Godataloss TS Rookie Posts: 501

    Try running AVG several times (after updating it of course)
    I believe this is a variant of the Mydoom virus that AVG renames automatically



    Who indeed? Wonks have no respect/patience for their elders these days- seems like a misplaced attitude in a help-forum- Give him hell Maurice
  7. Maurice

    Maurice Banned Topic Starter Posts: 653

    Thanks, Godataloss, I can always depend on a witty, helpful reply from you!

    As a postscript to my last message, I have just run my AVG again, & the test result stated "no virus infection was detected during this test", but when I clicked on another area of the same banner, it said that I was still infected with the netsky virus, what the heck is goin' on, Ohio man?, is the virus playing peek-a-boo with my AV, what do I do now?
    As for Nodsu, I seem to remember crossing swords with him before, perhaps it would be better if he didn't reply to my posts [are you reading this Chancellor Nodsu?]
    I have updated AVG, & now it tells me that it is fully up to date.
    Maurice
  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Hi Maurice,
    don't let anybody crawl under your skin. Some of the moderators have an enormous amount of experience, and are more than willing to part with their wisdom. However, they get their own feathers ruffled sometimes (as do I) if someone with less knowledge than themselves, does not immediately understand their answers. Just grin and bear it.....

    As to your virus-problem: go to this website and install McAfee's Stinger. It should be able to rid your PC of the evil lurkers
    http://vil.nai.com/vil/stinger/
    Instructions can be found there as well.

    PS: what is the status of your old laptop/new desktop?
  9. Maurice

    Maurice Banned Topic Starter Posts: 653

    Ah great! another familiar name, missed [some of] you guys whilst the site was off-line, welcome back!

    I would install stinger, only this laptop is not mine, & I don't want to give my so-called repairer any excuse to renege on any possible compensatory deal.

    As to my present situation, my laptop is still away, [11 weeks now] he thinks he has found somebody to put it right, & to be fair, this other person has removed the BIOS chip, re-programmed it, & replaced it, but, [there HAD to be a "but"] he still can't load Windows.
    He is now coming to the end of his rope, as far as I'm concerned, as I haven't heard anything in the last few days, I'm assuming THAT path failed. I have verbal assurance that my techie will pay for this attempt, [how kind, I wouldn't have paid anyway] so at present it seems I'm looking at £600 - £700 compensation, backed up by a Solicitor's letter if needs be.

    New desktop?, it's still well on the cards, I've even built an extended [30% extra] workstation top for the alcove, having carefully made sure that the tower etc will fit, [nothing on the floor] & the printer will no longer spill paper on the floor, + the scanner will stand alone, leaving the drawer for the keyboard!
    So, to sum up, I'm 90% certain of getting the desktop as quoted, with an upgrade to a 15" TFT, I still think that a 17" would make the whole system look & feel top-heavy, what do you think?
    Anyway, thanks for asking.
    Maurice
  10. Godataloss

    Godataloss TS Rookie Posts: 501

    Go for the 17 incher Maurice, I really wouldn't consider a monitor any smaller than that these days and after all, I'm sure you deserve it!
  11. Maurice

    Maurice Banned Topic Starter Posts: 653

    Thanks, Ohio, I think I might just do that, we Brits tend to go for the 15", I don't know any of my friends that have a 17" monitor, OR a TFT, are there more of these than the old conventional ones over there?, here, TFT's start at £250 for the 14", up to £500 for the 17", bet that works out a lot more than in the States? & that's in the so-called cheaper chain stores such as Curry's , Dixon's etc., you could add a further £80 to £100 to these prices in smaller specialist shops, & no, I don't use the internet for purchases, after service seems to be better if you buy items from an actual shop, or perhaps I'm being too careful [it comes with age!]
     
  12. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    Maurice, as old as our eyes are getting, a bigger monitor is better for sure. I'd even get a 19" TFT, if you can afford it. That's what I've got, and I've never been sorry.
  13. Godataloss

    Godataloss TS Rookie Posts: 501

    Monitor purchases are fine over the net. I think that most problems you are to encounter will either be right out of the box or within the first year's warranty. I have an 18'' Sony that I adore (it is all about size in the US), and it's getting harder to find stores that carry the larger crt's (20 inchers and up)- I guess the folks that were willing to spend the big bucks on monitors no longer fork it out on tubes.

    So go for it Maurice- get the 17incher and then you will have bragging rights over your friends.

    As a side note, it's interesting to note that monitors are still measured in inches- I really wish the rest of the world would become more insistent on the metric thing.
  14. Maurice

    Maurice Banned Topic Starter Posts: 653

    Olefarte, from an honorary old fart, you're probably right, now where did I put my white stick.............??
  15. Maurice

    Maurice Banned Topic Starter Posts: 653

    Sorry, Godataloss, must have just missed your last post, you're right, it is all about size over there, I didn't like to say that in case I offended somebody, it's a Brit joke about the Americans, wanting everything larger, but we here applaud the fact that it is still imperial there, I wish that we had stayed out, they are arresting traders here for not using metric scales!, what a country, they seem to think it is a good idea for England to join the European Union, then we'd be ruled from Brussels, & have worse things than metric thrust upon us!
  16. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Remember your other post "Computer Glitches"?
    In there I posted:
  17. Maurice

    Maurice Banned Topic Starter Posts: 653

    Yes, thanks, RBS, duly noted!