Our home PC has 5 accounts, 4 of which seem to be able to access the internet ok. In the other one, soon after you log in a Windows Security Center Alert comes up saying Win32.Netsky.Q has been detected. It says it's a worm trojan that can record personal info. When you try to open Internet Explorer it either instantly crashes or the web page says "Insecure browsing activity. Threat of virus attack". You then have 2 options - Continue unprotected or get protection. If you continue unprotected it takes you to the home page then crashes soon after. If you go to "get protection" it takes you to a page where you can download Windows Perfect Defender 2009 (presumably for a fee). I already have McAfee virus protection and have done several virus scans but nothing has been found. Can anyone tell me what this is, what it does and help me get rid of it? I also have a couple of other questions -
As the other 4 accounts on the PC can access the internet, do you think it's still safe to check bank accounts, internet shop etc. from these accounts?
If I just deleted the affected account would this solve the problem or just hide it?
Any help would be gratefully received.
Best Answer - Chosen by Asker
I had the same problem, and by searching through some sites, I read and found out how to delete this "virus".
Supposedly, it's not even a virus, only malware that directs you to crap sites telling you to download stuff. You're not really infected with Netsky.q, it just creates a fake popup telling you you are. When it pops up, is the "block" and "unblock" option greyed out? Does your Firefox or Internet Explorer crash when you try to use it? If it is, then you probably are infected with this malware.
The file that's causing all this is "fhexj6825097.exe".nd Go to C: -> Documents and Settings -> "Your Name" -> Application Data -> Google on your computer. Make sure you can view hidden files (Control Panel -> Appearance and Themes -> Folder Controls -> Show hidden files). Delete the entire Google folder. Google doesn't even use this folder; the program/virus/malware/whatever creates it. I deleted the entire Google folder under another person's account, since I think if you try to do it under your own it may not let you. I think you can do it under safe mode as well...
After this, go to the account that was infected and go to Start -> Run -> and type in "msconfig". Under the "startup" tab, you should see something like "c:/document and settings/%username%/Application Data\Google\fhexj6825097.exe" This means that this malware is starting up everytime you boot your computer. Go to Start -> Run -> regedit, search "windpipe" and delete that file. Then search "fhexj" and delete that one as well. Now when you go to msconfig, the startup line should be gone. This means the program will not get started the next time you reboot.
I did all this, and my Firefox is working properly again.
Good luck!
Supposedly, it's not even a virus, only malware that directs you to crap sites telling you to download stuff. You're not really infected with Netsky.q, it just creates a fake popup telling you you are. When it pops up, is the "block" and "unblock" option greyed out? Does your Firefox or Internet Explorer crash when you try to use it? If it is, then you probably are infected with this malware.
The file that's causing all this is "fhexj6825097.exe".nd Go to C: -> Documents and Settings -> "Your Name" -> Application Data -> Google on your computer. Make sure you can view hidden files (Control Panel -> Appearance and Themes -> Folder Controls -> Show hidden files). Delete the entire Google folder. Google doesn't even use this folder; the program/virus/malware/whatever creates it. I deleted the entire Google folder under another person's account, since I think if you try to do it under your own it may not let you. I think you can do it under safe mode as well...
After this, go to the account that was infected and go to Start -> Run -> and type in "msconfig". Under the "startup" tab, you should see something like "c:/document and settings/%username%/Application Data\Google\fhexj6825097.exe" This means that this malware is starting up everytime you boot your computer. Go to Start -> Run -> regedit, search "windpipe" and delete that file. Then search "fhexj" and delete that one as well. Now when you go to msconfig, the startup line should be gone. This means the program will not get started the next time you reboot.
I did all this, and my Firefox is working properly again.
Good luck!
Source(s):
http://forums.techguy.org/general-securi…
(This is where I read about the program and how to delete it).
(This is where I read about the program and how to delete it).
- Asker's Rating:
- Asker's Comment:
- Thanks a million for your help, it worked a treat. I can now stop worrying about this and officially start the Christmas party season. Woo hoo.
There are currently no comments for this question.
* You must be logged into Answers to add comments. Sign in or Register.
Other Answers (4)
- download anti malware and ccleaner and run it
hope this helps.^_^
http://www.malwarebytes.org/
http://www.ccleaner.com/ - manual removal instructions are helpful
http://removal-tool.com/win32netskyq-net… -
by elven child
- Member since:
- December 16, 2008
- Total points:
- 5077 (Level 5)
- Badge Image:
-
- Contributing In:
- Security
here's a deal: netsky is not a real threat. it indicated that you have Perfect Defender 2009 and this fake antispyware is trying to push you into purchasing the program. you don't have to download perfect defender 2009 to have it on your pc because it is a computer parasite. it just sticks on a computer. here's explanation how to delete it: http://www.spywarevoid.com/perfect-defen…
mcafee hadn't deleted this infection because mcafee can only deal with viruses and you need antispyware to delete perfect defender. - Macabre Chaos' reply in this thread did the trick for me. Follow her instructions closely and you should be good to go. Thank you M.C.!
Open Questions in Security
Answers International
- Argentina
- Australia
- Brazil
- Canada
- China
- France
- Germany
- Hong Kong
- India
- Indonesia
- Italy
- Japan
- Malaysia
- Mexico
- New Zealand
- Philippines
- Quebec
- Singapore
- South Korea
- Spain
- Taiwan
- Thailand
- United Kingdom
- United States
- Vietnam
- en Español
Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. Click here for the Full Disclaimer.
Help us improve Yahoo! Answers. Send Feedback
Copyright © 2009 Yahoo! Inc. All Rights Reserved.