What is the Netsky.D worm?

Netsky.D is a mass-mailing worm that is a variant of Netsky.C. The worm scans drives C through Z for email addresses and sends itself to those that are found.

The Subject, Body, and Attachment names vary. The attachment will have a .pif file extension.

Also known as: WORM_NETSKY.D, W32/Netsky.d@MM, W32/Netsky.D.worm, W32/Netsky-D, Win32.Netsky.D, I-Worm.Netsky.d

How Does the Netsky.D Worm Infect My Computer?

When Netsky.D is executed, it performs the following actions:

1. Creates a mutex named "[SkyNet.cz]SystemsMutex." This mutex allows only one instance of the worm to execute.
   
2. Copies itself as %Windir%\winlogon.exe.
   
3. Also does the same actions to registry as Netsky.C Worm described in "How Does the Netsky.C Worm Infect My Computer?" from 3-10. Click here to see details.
   
4. If it is between 6:00am and 9:00am on a Tuesday, March 2, 2004, the PC speaker will beep in a continuous loop. Each beep will be for a random period of time, at a random frequency.
   
5. The email has the following characteristics:
   
             From: <spoofed>
   
             Subject: (One of the following)
   • Re: Your website
   • Re: Your product
   • Re: Your letter
   • ......
     
     Body: (One of the following)
   • Your file is attached.
   • Please read the attached file.
   • Please have a look at the attached file.
   • See the attached file for details.
   • Here is the file.
   • Your document is attached.
     
     Attachment: (One of the following)
   • your_website.pif
   • your_product.pif
   • your_letter.pif
   • ......
     
6. The worm avoids sending email to addresses containing the following strings:
   
   • skynet
   • messagelabs
   • abuse
   • fbi
   • orton
   • f-pro
   • aspersky
   • cafee
   • orman
   • itdefender
   • f-secur
   • avp
   • spam
   • ymantec
   • antivi
   • icrosoft

How to Remove the Netsky.D Worm?

Kaspersky Internet Security Can Prevent You From Virus and Intrusion. If Kaspersky detects Netsky.D during the scan, it will AUTOMATICALLY offer you the option of deleting it. Do this by following the program's instructions.

Means of removing Netsky.D worm is similar to that of Netsky.C, click here to see details.

How to Disinfect My Computer from Worms?

In order to keep your computer protected, bear the following tips in mind:

1. If you have filtering tools installed, configure them to reject messages with the characteristics described above. If, in spite of doing this, you receive the message that contains the virus: do not open it, do not run the attached file and delete it, making sure that you also delete it from the Deleted Items folder.
2. Install a good antivirus in your computer. Select Kaspersky Internet Security to get the Kaspersky antivirus solution that best suits your needs.
3. Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
4. Keep your permanent antivirus protection enabled at all times.

Do you think this website is useful? Help us to keep the site growing.

Detect and Removal Instruction for Other Variants: