Guest Author - Rayna H. Battle
My first experience with the Win32 Netsky.Q worm was fairly straightforward. A client came to me complaining that her computer had begun acting sluggishly a few weeks prior to her visit. Suddenly, a few days before she contacted me, she started receiving unusual error messages. Finally, her computer would simply shut down on its own, before she could do anything about the error messages. As she described her computer's symptoms to me, I started to suspect that the culprit was one of the most annoying types of malware - a worm.
I hate worms. I really find them more annoying than viruses because of their nature. Worms do not need your input to spread to other computers. While a virus will require you to take some sort of action - sending an attachment, file-sharing, forwarding emails - a worm needs none of that. It can simply seek out a means of travel on your PC without waiting for you to do anything. A worm is also self-replicating. That means it can multiply, copying itself hundreds or even thousands of times over. This is often what causes the most destruction to your system - the sheer amount of space it exploits.
The Win32 Netsky.Q worm has interesting origins. Encrypted in the worm's code was a message from the Russian hacker group, SkyNet. In the message, they claimed that they had not created and sent the worm maliciously, but hoped to better educate computer users. This group has also been accused of creating and distributing many other destructive worms and viruses, including the infamously vicious Sasser worm. The Netsky.Q is not a typical worm because it is smart enough to create a registry entry in your OS (operating system), and remove legitimate registry entries anytime your OS boots up. This means that once the worm has infected your PC, it stakes a claim there, pretending to be a legitimate part of your OS. Then it gradually kicks out the programs that really do belong there. Eventually you are left with an OS that cannot do anything, rendering your computer useless. It will also look through all of your documents for email addresses to send itself to - spreading even further.
Today, this worm may even hide behind a fake anti-virus or security program. You may receive a popup message warning you that "your computer has been infected with the Win32 Netsky.Q worm" or "threats have been detected." Because the worm is activated every time you log on to your computer, the "warnings" become more and more frequent. In reality, this is no helpful warning from any legitimate program. Instead, it is a phony way of getting you to download a program that actually makes things worse! Do not be fooled into downloading any software that claims that it will remove the Netsky.Q worm for you. Instead, use the anti-virus program that you know and trust.
Although contracting this worm is now relatively rare, it is still possible. To avoid it, check your emails carefully. Originally, this was how the worm wormed its way past computer defenses. Today, it still often masks itself as an "undeliverable" email. If you suspect you have the worm on your PC, only use your own anti-virus program to remove it. Do not click any links or follow any "helpful" advice offered by random programs. Remember, that will only make the problem worse. Finally, run a scan more than once. To remove this bothersome worm, you may need to scan repeatedly until it's completely removed.
Unfortunately for my client, she waited a little too long to reach out for help. By the time her PC reached my desk, the worm had taken over. Even a simple system restore would not have helped, since the worm had insinuated itself into those files too! I had to completely reinstall her OS. Fortunately, she was savvy enough to have backed up all of her data, so she lost very little. Remember, the sensible computer user follows my motto: back up your data! Then whether it's the Netsky.Q or any other worm, you won't be left in the lurch.