Detection Published: March 21, 2004
Description Modified: March 25, 2004
Also known as: ZIP.Netsky.P, Win32/Netsky.P.Worm, W32/Netsky.P@mm (F-Secure), W32/Netsky.p@MM (McAfee), I-Worm.Netsky.q (Kaspersky)
Netsky.P is a worm that spreads through e-mail and file sharing. It is distributed as a 29,568-byte Win32 executable, compressed with FSG, which drops a 26,624-byte DLL file. It also distributes itself inside ZIP archives.
Netsky.P arrives in the form of a 29,568-byte "dropper", which creates and loads a DLL file containing the bulk of the worm code.
When run, the dropper creates a mutex called "'D'r'o'p'p'e'd'S'k'y'N'e't'" to avoid running multiple copies of itself.
It copies itself to
It also decrypts the DLL stored inside its own file, and writes the result to:
It then calls the first (and only) function in the DLL. The DLL then takes over.
The worm creates a registry value in order to run the dropper each time Windows starts:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Norton Antivirus AV = "%Windows%\FVProtect.exe"
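The Run value above can be checked for in saved `reg query` output. The following is an added example, not part of the original description: the function names and the sample output are constructed for illustration, and only the file name is compared, on the assumption that %Windows% stands for the local Windows directory.

```python
import ntpath
import re

# Indicators taken from the description above.
RUN_VALUE_NAME = "Norton Antivirus AV"
DROPPER_FILENAME = "FVProtect.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
# Value names may contain single spaces, so only the 4-space run is a separator.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# Constructed sample output (not captured from a real host).
SAMPLE = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Norton Antivirus AV    REG_SZ    C:\WINDOWS\FVProtect.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""


def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"].strip()


def find_netsky_p_run_entries(text):
    """Return Run values whose name or target file matches the indicators."""
    findings = []
    for key, name, _type, data in parse_reg_query(text):
        # Registry value names and Windows file names are case-insensitive.
        target = ntpath.basename(data.strip('"'))
        name_hit = name.lower() == RUN_VALUE_NAME.lower()
        file_hit = target.lower() == DROPPER_FILENAME.lower()
        if name_hit or file_hit:
            findings.append({"key": key, "name": name, "data": data,
                             "name_match": name_hit, "file_match": file_hit})
    return findings


if __name__ == "__main__":
    for hit in find_netsky_p_run_entries(SAMPLE):
        print(hit)
```

A value that matches on name only or on file name only is still reported, with the two flags showing which indicator matched.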