NetSky.X_3 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. NetSky.X_3 is compressed using the executable packer and its file size is 24,064 bytes. NetSky.X_3 drops the following files on the hard drive: - C:\WINDOWS\VisualGuard.exe (24064 bytes)
- C:\WINDOWS\base64.tmp (32980 bytes)
- C:\WINDOWS\zipped.tmp (24308 bytes)
- C:\WINDOWS\zip1.tmp (33144 bytes)
- C:\WINDOWS\zip2.tmp (33158 bytes)
- C:\WINDOWS\zip3.tmp (33132 bytes)
It also changes Windows registry: - Creates value "NetDy"="C:\WINDOWS\VisualGuard.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: NetDy_Mutex_Psycho. It also is executed every time Windows starts.
|
