Sonicwall Signatures


Go to All Categories list.

Netsky.Q is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Netsky.Q has a file size of 28,008 bytes. Netsky.Q drops the following files on the hard drive:
  • C:\WINDOWS\firewalllogger.txt (23040 bytes)
  • C:\windows\sysmonxp.exe (28008 bytes)
It also changes Windows registry:
  • Creates value "SysMonXP"="C:\WINDOWS\SysMonXP.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: _-oOaxX|- S - k - y - N - e - t -|XxKOo-_. It also is executed every time Windows starts.

Relevant Information