W32/Netsky-AA

Vea la información para eliminar gusanos.

W32/Netsky-AA es un gusano de email que se copia en la carpeta de Windows con el nombre winlogon.scr y crea las siguientes entradas en el registro para activarse en el inicio del sistema:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ SkynetsRevenge = <WINDOWS>\winlogon.scr

W32/Netsky-AA busca direcciones de email en los archivos EML TXT PHP CFG MBX MDX ASP WAB DOC VBS RTF UIN SHTM CGI DHTM ADB TBB DBX PL HTM HTML SHT OFT MSG ODS STM XLS JSP WSH XML MHT MMF NCH PPT

El gusano llega en un mensaje con las siguientes características:

Asunto: Re: Document Re: Approved Re: Text Re: Thank you! Re: Details Re: Photos Re: Private Re: Information Re: Hi Re: Hello Re: Summary Re: Step by Step Re: Music Re: Application Re: Tel. Numbers Re: List Re: Text file Re: Paint file Re: Contacts Re: e-Books Re: Bill Re: Error Re: Missed Re: Letter Re: Product Re: Website Re: Movie Re: Presentation Re: Advice Re: Fax number Re: Cheaper Re: War Re: Demo Re: Final Re: Poster Re: Patch Re: Pricelist Re: Job

Mensaje: For furher details see the attached file. Your file is attached. Please read the attached file. Please have a look at the attached file. Please take the attached file. See the attached file for details. Please view the attached file. Here is the file. Your document is attached.

Archivo adjunto: Your_Job.pif Your_Pricelist.pif Your_Patch.pif Your_Poster.pif Your_Final_Document.pif Your_Demo.pif Osam_Bin_Laden_Articel_42.pif Your_Product_List.pif My_Fax_Numbers.pif My_Advice.pif Your_Presentation.pif Your_Movie.pif Your_Website.pif Your_Product.pif Your_Letter.pif Your_Excel_Document.pif Your_Error.pif Your_Bill.pif Your_E-Books.pif Your_Contacts.pif Your_Paint_File.pif Your_Text_File.pif Your_List.pif My_Telephone_Numbers.pif Your_Software.pif Your_Music.pif Your_Description.pif Your_Summary.pif Your_Digicam_Pictures.pif Your_Information.pif Your_Private_Document.pif Your_Pics.pif Your_Details.pif Your_Document_Part3.pif Your_Text.pif Your_Document.pif