Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us


Name FirewallSvr.exe


W32.Netsky.Y@mm is a variant of W32.Netsky.X@mm that scans for the email addresses on all non-CD-ROM drives on an infected computer.
Also Known As: W32/Netsky.y@MM [McAfee], WORM_NETSKY.Y [Trend], Win32.Netsky.Y [Computer Associates], W32/Netsky-X [Sophos]

Copies itself as %Windir%\FirewallSvr.exe.
Adds the value: "FirewallSvr"="%Windir%\FirewallSvr.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Listens on TCP port 82 for an attacker to send an executable file, and then run it.
If the system date is between April 28, 2004 and April 30, 2004,
the worm will attempt to perform Denial of Service (DoS) attack against the following Web sites:;;

Then, the worm uses its own SMTP engine to send itself to the email addresses that it finds.
The email has the following characteristics:
From: (spoofed)

Subject: Delivery failure notice (ID-)

--- Mail Part Delivered ---
220 Welcome to
Mail type: multipart/related
--- text/html RFC 2504
MX [Mail Exchanger] mx.mt2.kl.
Exim Status OK.
message is available.

where may be one of:


Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "FirewallSvr"="%Windir%\FirewallSvr.exe"

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0