How remove w32.netsky.p virus

I have Win2k server infected with w32.netsky.p virus.Virus definitions for symantec gets updated daily .  
 I have already run Fixnetsky tool to remove this virus .It takes effect for certain moment but next day virus strikes again.
 please give some solutuion to remove this virus.
dnitinAsked:
Who is Participating?
 
jvuzCommented:
Do acheck with Stinger:

http://vil.nai.com/vil/stinger/
0
 
CrazyOneCommented:
Use one of these and...

MSCONFIG for Win 2000
http://www.insideproject.com/showguide.cfm?guideid=31
http://www.insideproject.com/downloads/msconfig2k/msconfig.zip

StartupCop
http://www.pcmag.com/article2/0,4149,2173,00.asp

AutoRuns
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
and
StartupMonitor
http://www.mlin.net/StartupMonitor.shtml


Try this

Sart > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
webtransCommented:
well my 2 cents advice would be to do the following

PLEASE DISABLE THE SYSTEM restore first
empty recycle bin
check ur email DB with something like avp from www.avp.ch (symantec does not actually open the email DB file)
and download started from http://www.download.com/StartEd/3000-2094-10211870.html?tag=lst-0-1
i guess those combined should do more than solving ur problem
urs
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
CrazyOneCommented:
UMMM webtrans Syetem Restore does not exist on Win2000 and yes Norton does scan the DB Files.
0
 
webtransCommented:
well
norton can not tell u which email have the virus as far as i know
0
 
CrazyOneCommented:
>>>norton can not tell u which email have the virus as far as i know

IT dependends on what version. 2003 and 2004 can.
0
 
webtransCommented:
well i have 2003
it can tell for incoming emails
not the ones that was recieved before
i mean scan the pst file
or the dbx file
0
 
CrazyOneCommented:
Yeah if scanning from Norton on all files but it does offer the option to scan incoming mail and you can set priorties in Norton to tell if what type of files you want it to scan.
0
 
acmpCommented:
Hi,

Netsky.p spreads via email and P2P apps, I'd suggest you check the server for any 'unwanted' apps like Kazaa or BearShare.

If the server is not used for viewing emails then I don't think it is at risk from email infection as the server will not actually open any attachments.

The server may also be infected by another PC on your network.  I would suggest your run stinger on all your PC's.  you can add it to your login script if necessary. Get stinger from http://vil.nai.com/vil/stinger.


To run stinger use <code>\\server\share\stingerxxx /GO /Log /Silent</code>

best of luck

acmp<><
0
 
gemchestCommented:
Hi dnitin,

Since you've removed and it keeps coming back, perhaps you've not patched your system properly.

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

Anyway if you're enabling sharing of files, maybe you can disable with your network forawhile so you can find the source that keep attacking your network server. Also, off all P2P shares as this virus will propagate thru these networks.
Patch up all the computers within the network should be able to curb the spreading and it should be fine. Lastly, set your corp Norton AV to detect all probable emails with virus.

Cheers,
Luis
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.