Possible virus that is shutting down firefox

Status
Not open for further replies.
Hi, I don't really know how I got this virus but I think it started when I turned off Ad Block Plus so I can download a movie from zshare. Then all of a sudden this Windows Security Alert pops up and asks me to "enable protection" for Win32.Netsky.Q. I usually just closed the box instead of clicking enable protection. Also, I scanned my entire computer with AVG 8.0 but the security alert still pops up and Firefox closes unexpectedly from time to time. My AIM also closes too, without warning. I don't know what else would close. But this is really annoying. Can someone please help? Thank you.
 
Win32.Netsky.Q. is usually but not always email related. But it is possible that you do have malware that is causing the problem and it may be identifying Netsky to get you to click on something that will give you malware.

It would be best if you followed the steps for running the cleaning programs here:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

You can skip Step 1, but do Steps 2, 3, 4, 5 and 7. If Java needs to be updated, I'll catch it in the logs. When finished, attach all three logs for review.
 
My computer knowledge is about a 5 on a scale of 10, however I've been hounded by a problem with something called Win32.Netsky.Q all day. I've searched forums like this one and downloaded 2 removers or cleaners - one was from Symantec and I can't recall the other one (I downloaded them onto another comp and saved them to a disk - then ran them on the infected comp). Both scans said that the comp was not infected.

I was about to run the steps above when the fake "warning" window popped up again. Out of curiosity, I opened my task manager (ctrl+alt+del) and ended the application. A moment later I got an error message that said a file named FHEXJ6825097.exe-1D1AB669.pf was not running properly and asked if I wanted to shut it down. I did a search for the file and it was found in C:\WINDOWS\Prefetch

I edited the file name by deleting the "exe" part of the name. Then I opened my browser and everything worked fine. I can surf again and it's been about 25 minutes and no pop-ups regarding the Netsky thing.

I don't know if I've affected anything important, but if not, I hope this can help someone.
 
file named FHEXJ6825097.exe-1D1AB669.pf was not running properly and asked if I wanted to shut it down. I did a search for the file and it was found in C:\WINDOWS\Prefetch

I edited the file name by deleting the "exe" part of the name. Then I opened my browser and everything worked fine.
Deleting the exe part of the Prefetch folder, file name: FHEXJ6825097.exe-1D1AB669.pf
Will do nothing!

Locating FHEXJ6825097.exe and then removing that file, will

Please note, that these files can have any filename, they are always different names. Following the guide is the best initial option.
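
An added example, not part of any post in this thread: a Prefetch trace is named after the program it records plus an 8-hex-digit hash, so the name can be split to learn which executable to look for, and renaming the trace leaves that executable on disk. The folder layout and the `Temp` location below are constructed for the demonstration.

```python
import os
import re
import tempfile

# Prefetch trace names have the form <EXECUTABLE NAME>-<8 hex digits>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

def parse_prefetch_name(filename):
    """Return (executable_name, hash) or None if this is not a trace name."""
    m = PF_NAME.match(filename)
    return (m.group("exe"), m.group("hash").upper()) if m else None

def find_executable(exe_name, roots):
    """Return every file under roots whose name equals exe_name,
    compared case-insensitively as Windows does."""
    wanted = exe_name.lower()
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits.extend(os.path.join(dirpath, f) for f in files
                        if f.lower() == wanted)
    return sorted(hits)

def trace_to_binaries(prefetch_dir, roots):
    """Map each .pf trace in prefetch_dir to the binaries it points at."""
    report = {}
    for name in sorted(os.listdir(prefetch_dir)):
        parsed = parse_prefetch_name(name)
        if parsed:
            report[name] = find_executable(parsed[0], roots)
    return report

def demo():
    """Constructed tree: a Prefetch folder plus a folder holding the binary."""
    with tempfile.TemporaryDirectory() as base:
        prefetch = os.path.join(base, "Prefetch")
        temp = os.path.join(base, "Temp")  # constructed location, not from the thread
        os.makedirs(prefetch)
        os.makedirs(temp)
        trace = os.path.join(prefetch, "FHEXJ6825097.exe-1D1AB669.pf")
        for path in (trace, os.path.join(temp, "fhexj6825097.exe")):
            open(path, "wb").close()
        before = trace_to_binaries(prefetch, [temp])
        # Renaming the trace, as tried in the thread, does not touch the binary.
        os.rename(trace, os.path.join(prefetch, "FHEXJ6825097-1D1AB669.pf"))
        after = find_executable("FHEXJ6825097.exe", [temp])
        return {k: [os.path.basename(p) for p in v] for k, v in before.items()}, len(after)

if __name__ == "__main__":
    print(demo())
```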
 
Well for starters, you can uninstall:
1 McAfee
2 AVG
3 Protector Suite

Once all 3 are uninstalled
4 Update Malwarebytes, then run another 5 full scan (trust me, there's more to go ;) )
Then 6 download, 7 update and 8 scan with Avira free Antivirus

That'll probably make you a 100x safer
 
Hey, I counted 8 things I suggested for you to do
I'll number them above ;)

Done
You can now resubmit the new logs if you like
I'd say it's probably working well now though (?)
 
Once you do what kimsland has instructed, consider this:

You have (Trojan.TDSS) in the system Restore points. These are protected files and the cleaning programs don't remove them. We will have to drop the old restore points when clean. In the meantime, do NOT use system Restore.

SAS is showing WinFixer, Vundo, Rootkit.TDSServ and Tracking Cookies. All those entries need to be removed. We can reset the Cookie later.

Bottom line: you have WAY too many programs and processes starting up! You're also running the File Sharing BitComet- this is like a magnet for malware!

I am also noticing that the Toshiba systems have an enormous number of processes set to start on boot. I have to wonder if users realize this, check them out and stop what they don't use or need to start on boot. One example is:

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
Product: RAMASST.exe or RAMAsst Application or CD Burning of Windows XP disabling tool for DVD MULTI Drive or RAMASST.exe ...

Do you use this? Do you really need it starting on boot and running in the background ALL the time?

We'll see what the new logs show. Be sure to run all three programs in the correct order and attach the new logs.

OK, kimsland?
 
And another excellent post by Bobbye :grinthumb (sounds patronizing, but definitely not intended to be)

Reading that original log would have been extremely grueling to say the least.
Yes it would be nice to see a cleaner log ;) (hopefully Bobbye may view, no doubt, if posted)
 
Naw, no patronizing here kimsland! I work with you, now otherwise. Just a courtesy to you since you are already helping out here.
 