Netsky.C (also known as Moodown.C) worm was found on 25th of February 2004. This variant has been improved comparing to previous variants of the worm. Netsky.C spreads itself in emails inside a ZIP archive or as an executable attachment. It also copies itself to shared folders of all available drives. This allows the worm to spread in P2P (peer-to-peer) and local networks.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
Descriptions of previous NetSky variants can be found here:
The differences between Netsky.C variant and the previous variants of the worm are as follows:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ Net" = "%windir%\winlogon.exe -stealth"where %windir% represents Windows directory.
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] msgsvr32 DELETE ME service Sentry Windows Services Host [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] d3dupdate.exe au.exe OLE Windows Services Host [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PINF] [HKLM\System\CurrentControlSet\Services\WksPatch]
.eml .txt .php .pl .htm .html .vbs .rtf .uin .asp .wab .doc .adb .tbb .dbx .sht .oft .msg .shtm .cgi .dhtm
icrosoft antivi ymantec spam avp f-secur itdefender orman cafee aspersky f-pro orton fbi abuse
Microsoft WinXP Crack.exe Teen Porn 16.jpg.pif Adobe Premiere 9.exe Adobe Photoshop 9 full.exe Best Matrix Screensaver.scr Porno Screensaver.scr Dark Angels.pif XXX hardcore pic.jpg.exe Microsoft Office 2003 Crack.exe Serials.txt.exe Screensaver.scr Full album.mp3.pif Ahead Nero 7.exe Virii Sourcecode.scr E-Book Archive.rtf.exe Doom 3 Beta.exe How to hack.doc.exe Learn Programming.doc.exe WinXP eBook.doc.exe Win Longhorn Beta.exe Dictionary English - France.doc.exe RFC Basics Full Edition.doc.exe 1000 Sex and more.rtf.exe 3D Studio Max 3dsmax.exe Keygen 4 all appz.exe Windows Sourcecode.doc.exe Norton Antivirus 2004.exe Gimp 1.5 Full with Key.exe Partitionsmagic 9.0.exe Star Office 8.exe Magix Video Deluxe 4.exe Clone DVD 5.exe MS Service Pack 5.exe ACDSee 9.exe Visual Studio Net Crack.exe Cracks & Warez Archive.exe WinAmp 12 full.exe DivX 7.0 final.exe Opera.exe IE58.1 full setup.exe Smashing the stack.rtf.exe Ulead Keygen.exe Lightwave SE Update.exe The Sims 3 crack.exe
Delivery Failed Status report question trust me hey Re: excuse me read it immediatelly hi Re: does it? Yep important hello ear Re: unknown fake? warning moin what's up? info Re: information Here is it stolen private? good morning illegal... error take it re: Re: Re: Re: Re: you? something for you exception Re: hey excuse me Re: hi Re: does it? Re: important Re: hello believe me Question denied! notification Re: <5664ddff?$??§2> lol last chance! I'm back! its me notice! oh
what means that? help attached <...> ok... that is interesting... i wait for your comment about it. such as yours? read the details. gonna? here is the document. *lol* read it immediately! i found that about you! your hero in the picture? yours? here is it. illegal st. of you? is that true? account? is that your name? picture? message? is that your account? pwd? I wait for an answer! abuse? is that yours? you are a bad writer I don't know your document! I have your password! you won the rk! something about you! classroom test of you? kill the writer of this document! old photos about you? i hope thats not true! your name is wrong! does it match? i found this document about you. time to fear? really? do you know this???? i know your document! did you sent it to me? this file is bad! why should I? pages? her. another pic, have fun! ... :-> test it child porn? greetings xxx ? stuff about you? your document is not good something is going wrong! your photo is poor information about you? the information is wrong! doc about me? kill him on the picture! from the chatter (my photo!) from your lover ;-) love letter? here, the serials are you a teacherin the picture? here, the introduction is that criminal? here, the cheats i like your doc! what do you think about it? that's a funny text. that's not the truth? do you have? instruct me about this! i lost that i am speachless about your document! is that the reality? reply msg your design is not good! important? your TAN number? take it easy! why? you are naked in this document! thats wrong! your icq number? i am desperate modifications? your personal record? yes. misc. and so on. see you! your attachment? verify it. you earn money, see the attachment! is that your attachment? is that your website? you feel the same. meaning of that? possible? you have tried to steal! did you ask me for that? you are bad your job? (I found that!) is that possible? something is going ... something is not ok did you know from this document? wrong calculation! (see the attachment!) never! poor quality! good work! excellent! great! i don't think so. pretty pic about you? docs? schoolfriend? <09580985869gj> } i want more... here is the next one! attachi# did you see her already? is that your wife? is that your creditcard? is that your photo? do you think so? do you have the bug also? already? forgotten? drugs? ... does it matter? i have received this. best? the truth? your body? your eyes? your face? File is self-decryting. File is damaged. File is bad. i saw you last week! xxx service your account is expired! you cannot hide yourself! (see photo) copyright? what still? who? how? only encrypted! personal message! my advice.... i've found it about you << >> great xxx! man or women? child or adult? here is yours! a crazy doc about you xxx about you? i don't want your xxx pics! doc? trial? what? ;-) i need you! correct it! see this! it's a secret! this is nothing for kids! it's so similar as yours! is that your car? do not give up! great job! here is the $%%454$ you are sexy in this doc! incest? let it! you look like an ape! you look like an rat? be mad? are you cranky? bob the builder did you know that? money? is that your car? is this information about you? is that your privacy? is that your TAN? is that your message? is that your cd? is that your finger? your are naked? is that your porn pic? is that your work? is that your family? is that your beast? is that your account? is that your slip? is that your domain? are you the naked one? are you the naked person! are you the one? does it belong to you? do you have sex in the picture? you have a sexy body in the pic! your lie is going around the world! lets talk about it! do you know the thief? are you a photographer? you have done a mistake in the document! its private from me do not show this anyone! new patch is available! this is an attachment message! in your mind? Microsoft fast food... Your bill. try this patch! do you have an orgasm in the picture? Transaction failed. Show the doc! I 've found your bill! see your name! You are infected. Read the details! here is my advice. here is my photo! here is the feel free to use it. does it belong to you? Login required! Read the attachment! your document is silly! is the pic a fake? Antispam is turned off. See file! Authentification required. Read the attachment solve the problem! do not use my document! do not open the attachment! do not visit the pages on the list I sent! explain! tell me more about your document! Your provider will be disabled! Instant patches.
what means that? help attached <...> ok... that is interesting... i wait for your comment about it. such as yours? read the details. gonna? here is the document. *lol* read it immediately! i found that about you! your hero in the picture? yours? here is it. illegal st. of you? is that true? account? is that your name? picture? message? is that your account? pwd? I wait for an answer! abuse? is that yours? you are a bad writer I don't know your document! I have your password! you won the rk! something about you! classroom test of you? kill the writer of this document! old photos about you? i hope thats not true! your name is wrong! does it match? i found this document about you. time to fear? really? do you know this???? i know your document! did you sent it to me? this file is bad! why should I? pages? her. another pic, have fun! ... :-> test it child porn? greetings xxx ? stuff about you? your document is not good something is going wrong! your photo is poor information about you? the information is wrong! doc about me? kill him on the picture! from the chatter (my photo!) from your lover ;-) love letter? here, the serials are you a teacherin the picture? here, the introduction is that criminal? here, the cheats i like your doc! what do you think about it? that's a funny text. that's not the truth? do you have? instruct me about this! i lost that i am speachless about your document! is that the reality? reply msg your design is not good! important? your TAN number? take it easy! why? you are naked in this document! thats wrong! your icq number? i am desperate modifications? your personal record? yes. misc. and so on. see you! your attachment? verify it. you earn money, see the attachment! is that your attachment? is that your website? you feel the same. meaning of that? possible? you have tried to steal! did you ask me for that? you are bad your job? (I found that!) is that possible? something is going ... something is not ok did you know from this document? wrong calculation! (see the attachment!) never! poor quality! good work! excellent! great! i don't think so. pretty pic about you? docs? schoolfriend? <09580985869gj> only encrypted! personal message! my advice.... i've found it about you <<>>great xxx! man or women? child or adult? here is yours! a crazy doc about you xxx about you? i don't want your xxx pics!doc? trial? what? ;-) i need you! correct it! see this! it's a secret! this is nothing for kids! it's so similar as yours! is that your car? do not give up! great job! here is the $%%454$ you are sexy in this doc! incest? let it! you look like an ape! you look like an rat? be mad? are you cranky? bob the builder did you know that? money? is that your car? is this information about you? is that your privacy? is that your TAN? is that your message? is that your cd? is that your finger? your are naked? is that your porn pic? is that your work? is that your family? is that your beast? is that your account? is that your slip? is that your domain? are you the naked one? are you the naked person! are you the one? does it belong to you? do you have sex in the picture? you have a sexy body in the pic! your lie is going around the world!lets talk about it! do you know the thief? are you a photographer? you have done a mistake in the document! its private from me do not show this anyone! new patch is available! this is an attachment message! in your mind? Microsoft fast food... Your bill. try this patch! do you have an orgasm in the picture?Transaction failed. Show the doc! I 've found your bill! see your name! You are infected. Read the details! here is my advice. here is my photo! here is the feel free to use it. does it belong to you? Login required! Read the attachment! your document is silly! is the pic a fake? Antispam is turned off. See file! Authentification required. Read the attachment solve the problem! do not use my document! do not open the attachment! do not visit the pages on the list I sent! explain! tell me more about your document! Your provider will be disabled! Instant patches.
The worm can compose the attachment name from several parts listed above.
Like in the previous variants, the worm can use one or two extensions for its attachments. For the first extension the worm uses the following:
what means that? help attached <...> ok... that is interesting... i wait for your comment about it. such as yours? read the details. gonna? here is the document. *lol* read it immediately! i found that about you! your hero in the picture? yours? here is it. illegal st. of you? is that true? account? is that your name? picture? message? is that your account? pwd? I wait for an answer! abuse? is that yours? you are a bad writer I don't know your document! I have your password! you won the rk! something about you! classroom test of you? kill the writer of this document! old photos about you? i hope thats not true! your name is wrong! does it match? i found this document about you. time to fear? really? do you know this???? i know your document! did you sent it to me? this file is bad! why should I? pages? her. another pic, have fun! ... :-> test it child porn? greetings xxx ? stuff about you? your document is not good something is going wrong! your photo is poor information about you? the information is wrong! doc about me? kill him on the picture! from the chatter (my photo!) from your lover ;-) love letter? here, the serials are you a teacherin the picture? here, the introduction is that criminal? here, the cheats i like your doc! what do you think about it? that's a funny text. that's not the truth? do you have? instruct me about this! i lost that i am speachless about your document! is that the reality? reply msg your design is not good! important? your TAN number? take it easy! why? you are naked in this document! thats wrong! your icq number? i am desperate modifications? your personal record? yes. misc. and so on. see you! your attachment? verify it. you earn money, see the attachment! is that your attachment? is that your website? you feel the same. meaning of that? possible? you have tried to steal! did you ask me for that? you are bad your job? (I found that!) is that possible? something is going ... something is not ok did you know from this document? wrong calculation! (see the attachment!) never! poor quality! good work! excellent! great! i don't think so. pretty pic about you? docs? schoolfriend? <09580985869gj> only encrypted! personal message! my advice.... i've found it about you <<>>great xxx! man or women? child or adult? here is yours! a crazy doc about you xxx about you? i don't want your xxx pics!doc? trial? what? ;-) i need you! correct it! see this! it's a secret! this is nothing for kids! it's so similar as yours! is that your car? do not give up! great job! here is the $%%454$ you are sexy in this doc! incest? let it! you look like an ape! you look like an rat? be mad? are you cranky? bob the builder did you know that? money? is that your car? is this information about you? is that your privacy? is that your TAN? is that your message? is that your cd? is that your finger? your are naked? is that your porn pic? is that your work? is that your family? is that your beast? is that your account? is that your slip? is that your domain? are you the naked one? are you the naked person! are you the one? does it belong to you? do you have sex in the picture? you have a sexy body in the pic! your lie is going around the world!lets talk about it! do you know the thief? are you a photographer? you have done a mistake in the document! its private from me do not show this anyone! new patch is available! this is an attachment message! in your mind? Microsoft fast food... Your bill. try this patch! do you have an orgasm in the picture?Transaction failed. Show the doc! I 've found your bill! see your name! You are infected. Read the details! here is my advice. here is my photo! here is the feel free to use it. does it belong to you? Login required! Read the attachment! your document is silly! is the pic a fake? Antispam is turned off. See file! Authentification required. Read the attachment solve the problem! do not use my document! do not open the attachment! do not visit the pages on the list I sent! explain! tell me more about your document! Your provider will be disabled! Instant patches.
For the second extension the worm uses the following:
what means that? help attached <...> ok... that is interesting... i wait for your comment about it. such as yours? read the details. gonna? here is the document. *lol* read it immediately! i found that about you! your hero in the picture? yours? here is it. illegal st. of you? is that true? account? is that your name? picture? message? is that your account? pwd? I wait for an answer! abuse? is that yours? you are a bad writer I don't know your document! I have your password! you won the rk! something about you! classroom test of you? kill the writer of this document! old photos about you? i hope thats not true! your name is wrong! does it match? i found this document about you. time to fear? really? do you know this???? i know your document! did you sent it to me? this file is bad! why should I? pages? her. another pic, have fun! ... :-> test it child porn? greetings xxx ? stuff about you? your document is not good something is going wrong! your photo is poor information about you? the information is wrong! doc about me? kill him on the picture! from the chatter (my photo!) from your lover ;-) love letter? here, the serials are you a teacherin the picture? here, the introduction is that criminal? here, the cheats i like your doc! what do you think about it? that's a funny text. that's not the truth? do you have? instruct me about this! i lost that i am speachless about your document! is that the reality? reply msg your design is not good! important? your TAN number? take it easy! why? you are naked in this document! thats wrong! your icq number? i am desperate modifications? your personal record? yes. misc. and so on. see you! your attachment? verify it. you earn money, see the attachment! is that your attachment? is that your website? you feel the same. meaning of that? possible? you have tried to steal! did you ask me for that? you are bad your job? (I found that!) is that possible? something is going ... something is not ok did you know from this document? wrong calculation! (see the attachment!) never! poor quality! good work! excellent! great! i don't think so. pretty pic about you? docs? schoolfriend? <09580985869gj> only encrypted! personal message! my advice.... i've found it about you <<>>great xxx! man or women? child or adult? here is yours! a crazy doc about you xxx about you? i don't want your xxx pics!doc? trial? what? ;-) i need you! correct it! see this! it's a secret! this is nothing for kids! it's so similar as yours! is that your car? do not give up! great job! here is the $%%454$ you are sexy in this doc! incest? let it! you look like an ape! you look like an rat? be mad? are you cranky? bob the builder did you know that? money? is that your car? is this information about you? is that your privacy? is that your TAN? is that your message? is that your cd? is that your finger? your are naked? is that your porn pic? is that your work? is that your family? is that your beast? is that your account? is that your slip? is that your domain? are you the naked one? are you the naked person! are you the one? does it belong to you? do you have sex in the picture? you have a sexy body in the pic! your lie is going around the world!lets talk about it! do you know the thief? are you a photographer? you have done a mistake in the document! its private from me do not show this anyone! new patch is available! this is an attachment message! in your mind? Microsoft fast food... Your bill. try this patch! do you have an orgasm in the picture?Transaction failed. Show the doc! I 've found your bill! see your name! You are infected. Read the details! here is my advice. here is my photo! here is the feel free to use it. does it belong to you? Login required! Read the attachment! your document is silly! is the pic a fake? Antispam is turned off. See file! Authentification required. Read the attachment solve the problem! do not use my document! do not open the attachment! do not visit the pages on the list I sent! explain! tell me more about your document! Your provider will be disabled! Instant patches.
The worm spreads itself in emails as a ZIP attachment or as an attachment with one of the above shown names.
The worm's file is attached to the infected email inside a ZIP archive or as an normal binary file. A recipient has to unpack the worm's attachment from a ZIP archive and to run it or to run an executable attachment to get infected.