NetSky.Q_3 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. NetSky.Q_3 is compressed using the Embedded_I#07e00 executable packer and its file size is 121,344 bytes. NetSky.Q_3 drops the following files on the hard drive: - C:\WINDOWS\userconfig9x.dll (26624 bytes)
- C:\WINDOWS\FVProtect.exe (121344 bytes)
It also changes Windows registry: - Creates value "Norton Antivirus AV"="C:\WINDOWS\FVProtect.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: DroppedSkyNet. _-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_. It also is executed every time Windows starts.
|
