|W32.Netsky.AD@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds on the infected computer.
The email subject, message body, and attachment are variable.
Name of attachment: Varies with .bat, .com, .pif, .scr, or .zip file extension.
Copies to shared file folders of various peer-to-peer filesharing applications and instant messaging programs.
Display a message box with the following text: "File Corrupted replace this!!"
Deletes the following values: "Taskmon"; "Explorer"; "KasperskyAv"; "system."
from the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Deletes the following value: "system."
from the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Deletes the following key:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "MsnMsgr" = "%Windir%\MsnMsgrs.exe"