From; Sophos Alert System: Name: W32/Netsky-V Type: Win32 worm Date: 15 April 2004 A virus identity (IDE) file which provides protection is available now from the Sophos website, and will be incorporated into the June 2004 (3.82) release of Sophos Anti-Virus. Enterprise Manager and PureMessage customers will be automatically protected at their next scheduled update. At the time of writing, Sophos has received no reports from users affected by this worm. However, we have issued this advisory following enquiries to our support department from customers. Information about W32/Netsky-V can be found at: http://www.sophos.com/virusinfo/analyses/w32netskyv.html Description W32/Netsky-V is a worm. When executed the worm will send emails containing an exploit which will attempt to download and execute a remote file. W32/Netsky-V copies itself to the Windows folder as KasperskyAVEng.exe and adds the following registry entry so that it gets started on user logon: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KasperskyAVEng = KasperskyAVEng.exe The worm will listen on TCP ports 5557 and 5558. Download the IDE file from: http://www.sophos.com/downloads/ide/netsky-v.ide Download all the IDE files available for the current version of Sophos Anti-Virus in a single compressed file. The file is available in two formats: Zip file: http://www.sophos.com/downloads/ide/ides.zip Self-extracting file: http://www.sophos.com/downloads/ide/ides.exe Read about how to use IDE files at http://www.sophos.com/downloads/ide/using.html --------------------------------------------------------------------- Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member