W32/Netsky.p@MM - infectin like a mofo
Well, made a new record today! I was cleaning a client's machine with my standard use of a SuperDAT and it found and deleted 10,659 viruses! Yes, that’s TEN THOUSAND SIX HUNDRED AND FIFTY NINE viruses! Most were the Netsky.p@mm, but some were Sober and Spybot as well.
One interesting thing the viruses did was crash the dial-up internet connection. Services.exe was what one was named, and I’m guessing that the ISP was blocking its outbound requests (the computer had no firewall of its own). When this would happen, it’d bring up an error: "Network-Device failure, make sure services.exe can access the internet." The message was more involved than that, but you get the drift.
It also closed down HijackThis with a fake antivirus-software message stating that the system was clean, and everything was OK.
Interesting approach, I guess. The network-driver/services.exe one had me fooled for a bit because the virus author took the time to make it look like a quasi-legit error message.
