[extropy-chat] Mail Delivery (failureextropy-chat at lists.extropy.org)
bill at wkidston.freeserve.co.uk
Thu Apr 8 15:22:14 UTC 2004
On Thu Apr 8 08:41:06 MDT 2004 Kevin Freels wrote:
> Is there anything I can be missing? Any suggestions? Nothing is
> showing up here, but your message has me all freaked out. I am on
> SBC Yahoo and my IP at this moment is 66.72.x.x but that 67.38.x.x
> looks familiar.
If a FULL Panda anti-virus scan says you are clean, then you probably
are, at present.
Netsky.P is difficult to recognize, as it does not show any messages or
warnings that indicate it has reached the computer.
To be completely sure you can look for the following files:
Netsky.P creates the following files in the Windows directory:
FVPROTECT.EXE. This file is a copy of the worm.
USERCONFIG9X.DLL. This file is a DLL (Dynamic Link Library),
which provides the functionalities of the worm.
ZIP1.TMP, ZIP2.TMP and ZIP3.TMP. These files in MIME format
contain a copy of the worm compressed in ZIP format.
ZIPPED.TMP. This file compressed in ZIP format contains a copy of
BASE64.TMP. This file in MIME format contains a copy of the worm.
Netsky.P creates the following entry in the Windows Registry:
* HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
Norton Antivirus AV = %windir%\ FVProtect.exe
where %windir% is the Windows directory.
By creating this entry, Netsky.P ensures that it is run whenever
Windows is started.
Do you have your antivirus scan setting to automatically delete any
virus found and carry scanning? If so, it is theoretically possible
that you were infected one day, sent out the virus worldwide, then Panda
deleted the virus that night automatically and you would never know
anything about it.
Best wishes, BillK
More information about the extropy-chat