Aliases
Win32/Netsky.P, WORM_NETSKY.GEN

Type
Win32 worm

Description
W32/Netsky-O is a worm that spreads via email.
In order to run automatically when Windows boots up, the worm copies itself to the file AVBgle.exe in the Windows folder and sets the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MsInfo
= C:\Windows\AVBgle.exe

The worm attempts to disable various anti-virus and security-related applications by deleting registry entries used by them.

In particular it attempts to delete entries below
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
for Taskmon, Explorer, KasperskyAv, system., msgsvr32, DELETE ME,
service, Sentry, Windows Service Host

and below HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
for Taskmon, Explorer, KasperskyAv, d3dupdate.exe, au.exe, OLE,
Windows Service Host, gouday.exe, rate.exe, sysmon.exe, srate.exe
and ssate.exe.
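
A triage check for the persistence entry described above, added here as an example and not part of the original analysis: it parses saved `reg query` text output and flags Run values named MsInfo or pointing at AVBgle.exe. The function names, the "match"/"partial" labels and the sample output are constructed for illustration, and value data is assumed to be a bare path without arguments.

```python
import ntpath
import re

# Indicators taken from the description above.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_NAME = "msinfo"
FILE_NAME = "avbgle.exe"
# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\")):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()

def netsky_o_findings(text):
    """Return (confidence, key, name, data) for Run values matching the indicators."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        # Assumption: data is a bare (optionally quoted) path; compare its file name.
        target = ntpath.basename(data.strip('"')).lower()
        name_hit = name.lower() == VALUE_NAME
        file_hit = target == FILE_NAME
        if name_hit and file_hit:
            findings.append(("match", key, name, data))
        elif name_hit or file_hit:
            findings.append(("partial", key, name, data))
    return findings

# Constructed sample output, not captured from a real host.
SAMPLE = """\
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe
    MsInfo    REG_SZ    C:\\Windows\\AVBgle.exe

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    Updater    REG_SZ    "C:\\WINNT\\avbgle.exe"
"""

if __name__ == "__main__":
    print(*netsky_o_findings(SAMPLE), sep="\n")
```

A "partial" result (only the value name or only the file name matches) is a lead for manual review rather than a confirmed hit.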


More: http://www.sophos.com/virusinfo/analyses/w32netskyo.html