Solved

How remove w32.netsky.p virus

Posted on 2004-08-30
12
1,468 Views
Last Modified: 2010-08-05
I have Win2k server infected with w32.netsky.p virus.Virus definitions for symantec gets updated daily .  
 I have already run Fixnetsky tool to remove this virus .It takes effect for certain moment but next day virus strikes again.
 please give some solutuion to remove this virus.
0
Comment
Question by:dnitin
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939281
Use one of these and...

MSCONFIG for Win 2000
http://www.insideproject.com/showguide.cfm?guideid=31
http://www.insideproject.com/downloads/msconfig2k/msconfig.zip

StartupCop
http://www.pcmag.com/article2/0,4149,2173,00.asp

AutoRuns
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
and
StartupMonitor
http://www.mlin.net/StartupMonitor.shtml


Try this

Sart > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 21

Accepted Solution

by:
jvuz earned 43 total points
ID: 11939365
Do acheck with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939375
well my 2 cents advice would be to do the following

PLEASE DISABLE THE SYSTEM restore first
empty recycle bin
check ur email DB with something like avp from www.avp.ch (symantec does not actually open the email DB file)
and download started from http://www.download.com/StartEd/3000-2094-10211870.html?tag=lst-0-1
i guess those combined should do more than solving ur problem
urs
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939422
UMMM webtrans Syetem Restore does not exist on Win2000 and yes Norton does scan the DB Files.
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939460
well
norton can not tell u which email have the virus as far as i know
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939491
>>>norton can not tell u which email have the virus as far as i know

IT dependends on what version. 2003 and 2004 can.
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11939507
well i have 2003
it can tell for incoming emails
not the ones that was recieved before
i mean scan the pst file
or the dbx file
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939545
Yeah if scanning from Norton on all files but it does offer the option to scan incoming mail and you can set priorties in Norton to tell if what type of files you want it to scan.
0
 
LVL 6

Assisted Solution

by:acmp
acmp earned 41 total points
ID: 11939729
Hi,

Netsky.p spreads via email and P2P apps, I'd suggest you check the server for any 'unwanted' apps like Kazaa or BearShare.

If the server is not used for viewing emails then I don't think it is at risk from email infection as the server will not actually open any attachments.

The server may also be infected by another PC on your network.  I would suggest your run stinger on all your PC's.  you can add it to your login script if necessary. Get stinger from http://vil.nai.com/vil/stinger.


To run stinger use <code>\\server\share\stingerxxx /GO /Log /Silent</code>

best of luck

acmp<><
0
 
LVL 4

Assisted Solution

by:gemchest
gemchest earned 41 total points
ID: 11940025
Hi dnitin,

Since you've removed and it keeps coming back, perhaps you've not patched your system properly.

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

Anyway if you're enabling sharing of files, maybe you can disable with your network forawhile so you can find the source that keep attacking your network server. Also, off all P2P shares as this virus will propagate thru these networks.
Patch up all the computers within the network should be able to curb the spreading and it should be fine. Lastly, set your corp Norton AV to detect all probable emails with virus.

Cheers,
Luis
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question