a-squared Anti-Malware and Mamutu behavior blocker - Malware scanner, remover and protection against new infections of Viruses, Spyware, Trojan Horses, Bots, Backdoors.
RECOMMENDATION!
A-SQUARED TESTED
BEST IN TEST:
October 2009:
1. place: a-squared Anti-Malware
99.8% at MRG scanner test #21
malwareresearchgroup.com
September 2009:
Best detection in all categories!
COM! Magazine test (German)
August 2009:
1. place: a-squared Anti-Malware
99.9% at static detection test of
PC Security Labs
June 2009:
1. place: a-squared Anti-Malware
99.7% at MRG scanner test #19
malwareresearchgroup.com
November 2008:
99.84% detection rate in
antivirus comparison test of
PC Security Labs!
August 2008:
"Of the scanners tested,
a-squared by Emsisoft performed
significantly better than
the others."
Dozleng.com Comparison Test
REVIEWS/AWARDS
a-squared Anti-Malware was
awarded for its outstanding
total performance.
Best static detection!
PC Magazine:
"Near-Perfect Protection:
It blocked every single one of the
samples the moment each one tried
to execute, scoring a perfect
10 of 10 points."
Best Free Trojan Scanner!
"Our favorite malware-masher:
a-squared Anti-Malware!"
SecuritySoftwareZone best rating
Tucows 5 cows!
"In terms of worms and spyware,
but also trojans, a-squared Anti-Malware can hardly be beaten."
ZDNet best rating
a-squared Anti-Malware with
best rating at Softpedia.com
MajorGeeks.com
Editor's Pick
FreeFunFiles.com
Editor's Pick in August 2006
Softpedia.com
Reviewer's pick
PRODUCTS
a-squared Malware-Info
Name: Worm.Win32.NetSky.D
Description:
Symptoms:
Presence of the following file in Windows directory (%WINDIR%)
"winlogon.exe"
Presence of the following entry in "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" registry key:
"ICQ Net" = "winlogon.exe -stealth"
Technical description:
This variant of the NetSky worm (.D) spreads only via e-mail (in contrast
with previous versions, which spread through some P2P applications as well),
sending itself to e-mail addresses found in the infected computer.
The worm arrives in the following e-mail format:
Subject - randomly chosen from the following strings:
"Re: Re: Document"
"Re: Re: Thanks!"
"Re: Thanks!"
"Re: Your document"
"Re: Here is the document"
"Re: Your picture"
"Re: Re: Message"
"Re: Hi"
"Re: Hello"
"Re: Re: Re: Your document"
"Re: Here"
"Re: Your music"
"Re: Your software"
"Re: Approved"
"Re: Details"
"Re: Excel file"
"Re: Word file"
"Re: My details"
"Re: Your details"
"Re: Your bill"
"Re: Your text"
"Re: Your archive"
"Re: Your letter"
"Re: Your product"
"Re: Your website"
Body - randomly chosen from the following strings:
"Your document is attached."
"Here is the file."
"See the attached file for details."
"Please have a look at the attached file."
"Please read the attached file."
"Your file is attached."
Attached filename (and extension) - randomly chosen from the following strings:
"your_document.pif"
"your_document.pif"
"document.pif"
"message_part2.pif"
"your_document.pif"
"document_full.pif"
"your_picture.pif"
"message_details.pif"
"your_file.pif"
"your_picture.pif"
"document_4351.pif"
"yours.pif"
"mp3music.pif"
"application.pif"
"all_document.pif"
"my_details.pif"
"document_excel.pif"
"document_word.pif"
"my_details.pif"
"your_details.pif"
"your_bill.pif"
"your_text.pif"
"your_archive.pif"
"your_letter.pif"
"your_product.pif"
"your_website.pif"
When the user double-clicks the e-mail attachment, the worm does the following:
- copies itself to Windows directory (%WINDIR%) as "winlogon.exe";
- adds the following entry to "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
registry key:
"ICQ net" = "winlogon.exe -stealth",
(so it will be executed each time Windows starts up);
- disables some antivirus software and other known worms (such as Mydoom.A
and Mydoom.B) by deleting relevant registry keys;
- scans the infected computers for e-mail addresses in files whose extension
is one of the following:
".eml"
".txt"
".php"
".pl"
".htm"
".html"
".vbs"
".rtf"
".uin"
".asp"
".wab"
".doc"
".adb"
".tbb"
".dbx"
".sht"
".oft"
".msg"
".shtm"
".cgi"
".dhtm"
- creates and sends e-mails to these addresses with the above described format:
- On 01 mar. 2004, between 6:00 and 9:00 am (local time, not GMT) the worm
generates in the computer's speaker sounds with random tones and durations.
This variant (.D) uses an improved routine for sending itself through
e-mail, allowing it to be sent several times faster than previous
variants (.A - .C).
The worm avoids sending itself to addresses containing at least one of
the following strings:
"icrosoft"
"antivi"
"ymantec"
"spam"
"avp"
"f-secur"
"itdefender"
"orman"
"cafee"
"aspersky"
"f-pro"
"orton"
"fbi"
"abuse"
"messagelabs"
"skynet"
Source: BitDefender Virus-Info
Removal instructions for Worm NetSky D:
To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
More details about this danger:
Additional information might be found here:
Search
at Google for
Worm NetSky D
Search at Bing for
Worm NetSky D
Search
at Yahoo for
Worm NetSky D
How can I protect myself from Worm NetSky D?
Important!
You essentially need an antivirus product, that is not only able to clean infections, but also protect your PC permanently from new dangers.
This is the only way to prevent data loss and unnecessary hassle and costs of new installations of your operating system.
Take your chance and buy the multiple awarded protection software a-squared Anti-Malware today!
Only $40 for the security of your computer.
Buy a-squared Anti-Malware online:
Trust only on the best protection software!
