What is the Netsky.K worm?
Netsky.K is a mass-mailing worm that uses its
own SMTP engine to send itself to the email
addresses it finds when scanning hard drives and
mapped drives.
Also known as: WORM_Netsky.K, W32/Netsky.K@MM, W32/Netsky.K.worm, Win32.Netsky.K
How Does the Netsky.K Worm Infect My Computer?
When Netsky.K runs, it does the following:
- Creates a mutex named "LK[SkyNet.cz]SystemsMutex."
This mutex allows only one instance of the
worm to execute.
- Copies itself as %Windir%\winlogon.exe.
- Adds the value:
"ICQ Net"="%Windir%\winlogon.exe -stealth"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the worm runs when you start
Windows.
- Deletes the values:
"Taskmon"
"Explorer"
"KasperskyAv"
"system."
"msgsvr32"
"DELETE ME"
"service"
"Sentry"
"Windows Services Host"
from the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Deletes the value:
"system."
from the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- Deletes the values:
"Taskmon"
"Explorer"
"KasperskyAv"
"d3dupdate.exe"
"au.exe"
"OLE"
"Windows Services Host"
from the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Also makes the same registry changes as the
Netsky.C worm, described in "How Does the
Netsky.C Worm Infect My Computer?" (items
7-10).
- If the system time is between 6:00 A.M. and
9:00 A.M. on Tuesday, March 2, 2004, the PC
speaker will beep in a continuous loop. Each
beep will be for a random period of time, at a
random frequency.
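
The autorun entry described above can be checked offline against saved `reg query` output of the Run key. The following is an added example, not part of the original page or of any vendor tool; the function names, the WINDIR value and the sample export are assumptions made for illustration. It goes slightly beyond the page by also flagging any Run entry that launches winlogon.exe directly from %Windir% under a different value name, since the genuine Windows file of that name lives in %Windir%\System32.

```python
import ntpath
import re

RUN_VALUE = "ICQ Net"          # Run value name given on the page
DROPPED_NAME = "winlogon.exe"  # file name of the copy described on the page
WINDIR = r"C:\WINDOWS"         # assumption: Windows directory of the examined host

# A data line of `reg query` output: name, type and data separated by 4 spaces.
DATA_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := DATA_LINE.match(line)):
            yield key, m.group(1), m.group(3)

def findings(text):
    """Return autorun entries matching the page's indicators, with reasons."""
    dropped = ntpath.join(WINDIR, DROPPED_NAME).lower()
    hits = []
    for key, name, data in parse_reg_query(text):
        reasons = []
        if name.lower() == RUN_VALUE.lower():
            reasons.append("value name from the page")
        exe = re.match(r'"?(.+?\.exe)', data, re.I)
        if exe:
            # Expand the environment variable form before comparing paths.
            path = re.sub(r"%(windir|systemroot)%", lambda _: WINDIR,
                          exe.group(1), flags=re.I)
            if ntpath.normpath(path).lower() == dropped:
                reasons.append("winlogon.exe directly in %Windir%")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample export, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ICQ Net    REG_SZ    %Windir%\winlogon.exe -stealth
    SoundMan    REG_SZ    "C:\Program Files\Vendor\soundman.exe" /tray
    Updater    REG_SZ    C:\Windows\winlogon.exe
    Shell Helper    REG_EXPAND_SZ    %SystemRoot%\System32\winlogon.exe
"""

if __name__ == "__main__":
    for key, name, data, reasons in findings(SAMPLE):
        print(f"{key} :: {name} = {data}  [{'; '.join(reasons)}]")
```
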
How to Remove the Netsky.K Worm?
Kaspersky Internet Security Can Protect You From Viruses and Intrusion.
If Kaspersky detects Netsky.K during the
scan, it will AUTOMATICALLY offer you the option
of deleting it. Do this by following the
program's instructions.
Removing the Netsky.K worm is similar to
removing Netsky.C.
How to Disinfect My Computer from Worms?
In order to keep your computer protected, bear
the following tips in mind:
- If you have filtering tools installed,
configure them to reject messages with the
characteristics described above. If, in spite
of doing this, you receive the message that
contains the virus: do not open it, do not run
the attached file and delete it, making sure
that you also delete it from the Deleted
Items folder.
- Install a good antivirus on your computer.
Select Kaspersky Internet Security to get the Kaspersky antivirus solution that best suits your needs.
- Keep your antivirus updated. If automatic
updates are available, configure your
antivirus to use them.
- Keep your permanent antivirus protection
enabled at all times.