W32/Netsky.b.eml!zip removal with McAfee

Posted on 2004-08-15
Last Modified: 2010-08-05
McAfee antivirus discovered & removed "W32/Netsky.b.eml!zip" tonight from my computer.
The problem is, every time I open my email program (Outlook Express & I have Windows XP with service pack 1) a McAfee virus alert window pops up saying its found "W32/Netsky.b.eml!zip" and removed it...but then my email program disconnects from the server (Verizon) and will not receive all my email messages.  
I deleted all history, cookies, temp. files and ran the disk cleanup program too.  I also tried searching for the file to delete it manually but it could not be found....
Yet every time I open my email program the same thing receives the same 8 messages out of 23 and then disconnects from server after McAfee pops up the window stating that "W32/Netsky.b.eml!zip" was found and deleted.
Also, here is the location it gave for that file: C:\Docume~1\Owner\Locals~1\Temp\McV10D.tmp
I can't seem to find any information on how to remove it either...I've used Google search and found a descriptive entry at McAfee site but nothing on how to remove it.  
Can anyone please help me?  Thank you,
Question by:Karenina
  • 3
  • 2
  • 2

Accepted Solution

pulupul earned 500 total points
ID: 11803644
If I understood correctly, the problem is that, every time you launch Outlook, it tries to download all the messages in the server, but when downlads the one with the virus, it disconnects. This means Outlook is leaving the e-mail with virus in the server, so it is never deleted (in the server).
Try configuring Outlook for not leaving the messages in the server once it has downloaded them to your computer. To do so go to: Tools->Accounts->Mail tab, select your account, click properties, go to Advanced properties tab, uncheck "keep a copy of the messages on the server", accept and close (exact menu and buttons text might not be accurate, as I have translated them from my spanish version of Outlook).
If that doesn't work, you can try with another antivirus. A good choice (which I use myselft) can be Panda Activescan, which is online, free, and well updated, and has the option to clean e-mail messages.

Expert Comment

ID: 11803676

Author Comment

ID: 11804917
Thank you for your fast response pulupul.  The messages were not being left on the server though because that box was unchecked when I looked at it.
But while ago it finally finshed receiving all my email and did NOT get stuck and disconnect on message number 8.  The very last email I got was from McAfee Virus Scan Email Scanner saying this:
 McAfee VirusScan ActiveShield has detected and cleaned a
virus-infected email.
To complete the cleaning process, ActiveShield has deleted the email.
And so I rebooted my computer and now when I open Outlook Express no strange thing happens.  And I can get all my email!  So I guess I just had to wait for McAfee to send me the email to confirm they got rid of the virus mail.  Thank you for your suggestion & quick responding anyway though.
And also I ran the McAfee scan again and it has tested clean and virus-free.
take care, Karenina
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.


Expert Comment

ID: 11805242
McAfee sent you an email saying they got rid of the virus? wow how considerate :), never seen that. I'm glad it works ok now.

Expert Comment

ID: 11815034
Yes, that is odd of McAfee, I didn't know they did that!

I just wanted to comment on something though.  Karenina, when you posted "The messages were not being left on the server though because that box was unchecked when I looked at it."

What happens with outlook and outlook express is this:  When you are downloading a number of email messages from your ISP, if somehow the connection gets interrupted (maybe by your anti-virus client detecting a virus) in some way, all the messages that were in that group stay on the server.  I beleive that outlook sends back some sort of signal to the mail server when it's done downloading messages that tells it that it got all the messages and that the server can delete them.  When your connection gets cut off, your computer does not get a chance to do that.

Just thought I'd explain that so you understood what was happening.  :-)

Glad you got your issue solved anyhow!

Author Comment

ID: 11815214
Yes, the email was from McAfee Antivirus ActiveShield.  Its never sent an email to me before either.  But it was the very last email that loaded and after that every time I opened Outlook it was okay.  I'm just glad I don't have a virus.
Thank you for all your time and response though.  I don't really know who to give the points to??  Can I give each of you half of them or what should I do?  Take care, Karenina

Expert Comment

ID: 11815528
No, don't give me any points!  I didn't solve your problem at all, you had already had it resolved when I piped in here!

Give them all to Pulupul!


Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Kaspersky remote uninstall failing 3 97
Different types of mobile security tests 3 92
antispam / virus gateway 5 47
Virus Kronos 4 69
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now