All times are UTC - 5 hours [ DST ]


sabresindc
Posted: Sat Jan 16, 2010 2:10 pm
Captain Clutch
Joined: Wed Sep 09, 2009 8:58 pm
Posts: 6146
Location: Southern most point of Northern Virginia
My sister called me today saying her computer has been affected with something. Whenever she tries to go to a web site, it redirects her everywhere else but. When she shuts down and reboots, a warning pops up saying something like your computer has been infected with worm.win32.netsky and that it has its own SMTP engine. Other than taking it to a computer repair place, is there anything she can do to find this worm and get rid of it, or does she need to get the whole hard drive wiped?

_________________
sabretoothpick wrote:
Yhoshi wrote:
wollt ihr die sabres oben sehen müsst ihr die tabelle drehn.

It's a phrase that basically means, if you wanna see the Sabres at the top, turn the rankings.


Squanto
Posted: Sat Jan 16, 2010 3:26 pm
Carlos Spicy-Wiener
Joined: Wed Sep 09, 2009 10:31 am
Posts: 9240
Location: FAP TURBO
DL and run this:

http://www.symantec.com/security_respon ... 16-1759-99

Netsky is pretty old, that should be enough. If it backdoored more stuff along with it, your safest bet is a format/reinstall.


Crosscheck
Posted: Sun Jan 17, 2010 11:46 am
Sober enough to run a server
Joined: Wed Sep 09, 2009 3:10 am
Posts: 7477
Location: 2,568 miles from the F'n arena
What Squanto said.
If it's already opened itself up to other things, you may not have a better option than a reformat, but there are well-known ways to dump Netsky.

_________________
Hold my beer and watch this...


sabresindc
Posted: Sun Jan 17, 2010 9:57 pm
Come to find out it's a bogus alert. Somehow a bullshit program called Internet Security 2010 has taken over her computer. Any info on this? A Google search shows that it will pop up all these bogus warnings until you buy their software. Any way to get rid of it?

mechaphil
Posted: Sun Jan 17, 2010 10:00 pm
Thy Horror Cosmic
Joined: Wed Sep 09, 2009 4:57 pm
Posts: 19086
Location: BFLO
Well, you could always go to the Program Files folder to delete it, or go to Add/Remove Programs in the Control Panel and remove it there.

_________________
mechaphil


sabresindc
Posted: Sun Jan 17, 2010 10:18 pm
mechaphil wrote:
Well, you could always go to the Program Files folder to delete it, or go to Add/Remove Programs in the Control Panel and remove it there.

It's embedded into the registry and the program will not let me run regedit to try and manually remove the registry files.

A friend was able to log into her computer through WebEx and download a program to clean it.

mechaphil
Posted: Sun Jan 17, 2010 10:23 pm
OK, that's good.

Squanto
Posted: Mon Jan 18, 2010 12:33 am
Be very careful.

Every time I've encountered one of the 'Internet Security 20XX' variants it's led to a format. That thing is a bear, even with the removal utilities.


Crosscheck
Posted: Mon Jan 18, 2010 11:48 am
Squanto wrote:
Be very careful.

Every time I've encountered one of the 'Internet Security 20XX' variants it's led to a format. That thing is a bear, even with the removal utilities.

Yep, I've run across that once while being nice and fixing a computer for my wife's friend.
It ended in a format as well.

Get it off of your home network ASAP.

NYIntensity
Posted: Mon Jan 18, 2010 2:12 pm
Superstar Goalie
Joined: Sun Sep 13, 2009 2:11 pm
Posts: 4463
I've actually never had a problem removing them... Go to an uninfected computer and download Malwarebytes to a flash drive. Rename the install program to something you will know. When you install it, do it in safe mode, and rename the install folder. Run the full scan.

Download Avast antivirus, again renaming the install program. Save it to a flash drive. Boot the infected computer into safe mode (with networking), and then run Avast's setup and scan.

Or slave the HD of the infected PC to a clean PC running up-to-date antivirus. Scan the slaved drive and then reinstall.

The only time I've had a virus removal/recovery end up in reformat was 1) at the customer's request, or 2) when the PC wouldn't boot to begin with, due to MBR corruption.

_________________
ksquier89 wrote:
Holy fucking fuck...Boyes couldn't suck a dick if it landed in his mouth.


Squanto
Posted: Mon Jan 18, 2010 3:11 pm
Depends on how long it's been running. The longer it runs, the more shit it backdoors in. Every time I've encountered it, it's been on a machine that's a cesspool of internet herpes.

I'm a little more pragmatic with this stuff. If it's going to take me 5 hours to clean up the mess, or 2 to format/reinstall/restore data, I'm not going to clean it.


NYIntensity
Posted: Mon Jan 18, 2010 3:12 pm
Squanto wrote:
Depends on how long it's been running. The longer it runs, the more shit it backdoors in. Every time I've encountered it, it's been on a machine that's a cesspool of internet herpes.

I'm a little more pragmatic with this stuff. If it's going to take me 5 hours to clean up the mess, or 2 to format/reinstall/restore data, I'm not going to clean it.

Oh, I'm the same way... my default is usually to take an image of the HD, then wipe it, and scan data directories before transferring back pertinent user data (you know, pictures, music, pr0n, etc.).

_________________
ksquier89 wrote:
Holy fucking fuck...Boyes couldn't suck a dick if it landed in his mouth.
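
A first-pass triage for the "scan data directories before transferring back pertinent user data" step described above, as an added example that is not from the thread: run on the clean PC, it flags anything executable or mislabelled among the rescued files. The extension list, the magic-byte table and the names `triage` and `demo` are assumptions of this example, the sample files are constructed, and it complements an antivirus scan of the imaged drive rather than replacing it.

```python
import os
import tempfile

# Extensions that can execute or auto-launch on Windows (assumed list for this example).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".dll"}
# Expected leading bytes for common user-data types (pictures, music).
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
}

def triage(root):
    """Return {relative_path: reason} for files that should not be restored as-is."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(8)
            if name.lower() == "autorun.inf":
                flagged[rel] = "autorun file"
            elif head[:2] == b"MZ":  # Windows PE header, whatever the extension says
                flagged[rel] = "PE executable content"
            elif ext in RISKY_EXT:
                flagged[rel] = "executable or script extension"
            elif ext in MAGIC and not any(head.startswith(m) for m in MAGIC[ext]):
                flagged[rel] = "content does not match extension"
    return flagged

def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "beach.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # genuine JPEG header
            "song.mp3": b"ID3\x03\x00" + b"\x00" * 16,         # genuine ID3 tag
            "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 16,       # PE file renamed to .jpg
            "photo.jpg.exe": b"not really a program",          # double extension
            "autorun.inf": b"[autorun]\r\n",
            "scan.png": b"<html>",                             # content/extension mismatch
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for rel, reason in sorted(demo().items()):
        print(f"{rel}: {reason}")
```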

