Solved

How remove w32.netsky.p virus

Posted on 2004-08-30
12
1,469 Views
Last Modified: 2010-08-05
I have Win2k server infected with w32.netsky.p virus.Virus definitions for symantec gets updated daily .  
 I have already run Fixnetsky tool to remove this virus .It takes effect for certain moment but next day virus strikes again.
 please give some solutuion to remove this virus.
0
Comment
Question by:dnitin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939281
Use one of these and...

MSCONFIG for Win 2000
http://www.insideproject.com/showguide.cfm?guideid=31
http://www.insideproject.com/downloads/msconfig2k/msconfig.zip

StartupCop
http://www.pcmag.com/article2/0,4149,2173,00.asp

AutoRuns
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
and
StartupMonitor
http://www.mlin.net/StartupMonitor.shtml


Try this

Sart > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 21

Accepted Solution

by:
jvuz earned 43 total points
ID: 11939365
Do acheck with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939375
well my 2 cents advice would be to do the following

PLEASE DISABLE THE SYSTEM restore first
empty recycle bin
check ur email DB with something like avp from www.avp.ch (symantec does not actually open the email DB file)
and download started from http://www.download.com/StartEd/3000-2094-10211870.html?tag=lst-0-1
i guess those combined should do more than solving ur problem
urs
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939422
UMMM webtrans Syetem Restore does not exist on Win2000 and yes Norton does scan the DB Files.
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939460
well
norton can not tell u which email have the virus as far as i know
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939491
>>>norton can not tell u which email have the virus as far as i know

IT dependends on what version. 2003 and 2004 can.
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939507
well i have 2003
it can tell for incoming emails
not the ones that was recieved before
i mean scan the pst file
or the dbx file
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939545
Yeah if scanning from Norton on all files but it does offer the option to scan incoming mail and you can set priorties in Norton to tell if what type of files you want it to scan.
0
 
LVL 6

Assisted Solution

by:acmp
acmp earned 41 total points
ID: 11939729
Hi,

Netsky.p spreads via email and P2P apps, I'd suggest you check the server for any 'unwanted' apps like Kazaa or BearShare.

If the server is not used for viewing emails then I don't think it is at risk from email infection as the server will not actually open any attachments.

The server may also be infected by another PC on your network.  I would suggest your run stinger on all your PC's.  you can add it to your login script if necessary. Get stinger from http://vil.nai.com/vil/stinger.


To run stinger use <code>\\server\share\stingerxxx /GO /Log /Silent</code>

best of luck

acmp<><
0
 
LVL 4

Assisted Solution

by:gemchest
gemchest earned 41 total points
ID: 11940025
Hi dnitin,

Since you've removed and it keeps coming back, perhaps you've not patched your system properly.

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

Anyway if you're enabling sharing of files, maybe you can disable with your network forawhile so you can find the source that keep attacking your network server. Also, off all P2P shares as this virus will propagate thru these networks.
Patch up all the computers within the network should be able to curb the spreading and it should be fine. Lastly, set your corp Norton AV to detect all probable emails with virus.

Cheers,
Luis
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
systemdown@india.com and McAfee 3 149
Yet another Ransome ware 13 201
How to handle Ransom ware 23 116
Spam mails from a compromised internal computer 5 141
OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question