Solved

How remove w32.netsky.p virus

Posted on 2004-08-30
12
1,464 Views
Last Modified: 2010-08-05
I have Win2k server infected with w32.netsky.p virus.Virus definitions for symantec gets updated daily .  
 I have already run Fixnetsky tool to remove this virus .It takes effect for certain moment but next day virus strikes again.
 please give some solutuion to remove this virus.
0
Comment
Question by:dnitin
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Use one of these and...

MSCONFIG for Win 2000
http://www.insideproject.com/showguide.cfm?guideid=31
http://www.insideproject.com/downloads/msconfig2k/msconfig.zip

StartupCop
http://www.pcmag.com/article2/0,4149,2173,00.asp

AutoRuns
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml
and
StartupMonitor
http://www.mlin.net/StartupMonitor.shtml


Try this

Sart > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 21

Accepted Solution

by:
jvuz earned 43 total points
Comment Utility
Do acheck with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 5

Expert Comment

by:webtrans
Comment Utility
well my 2 cents advice would be to do the following

PLEASE DISABLE THE SYSTEM restore first
empty recycle bin
check ur email DB with something like avp from www.avp.ch (symantec does not actually open the email DB file)
and download started from http://www.download.com/StartEd/3000-2094-10211870.html?tag=lst-0-1
i guess those combined should do more than solving ur problem
urs
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
UMMM webtrans Syetem Restore does not exist on Win2000 and yes Norton does scan the DB Files.
0
 
LVL 5

Expert Comment

by:webtrans
Comment Utility
well
norton can not tell u which email have the virus as far as i know
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
>>>norton can not tell u which email have the virus as far as i know

IT dependends on what version. 2003 and 2004 can.
0
 
LVL 5

Expert Comment

by:webtrans
Comment Utility
well i have 2003
it can tell for incoming emails
not the ones that was recieved before
i mean scan the pst file
or the dbx file
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Yeah if scanning from Norton on all files but it does offer the option to scan incoming mail and you can set priorties in Norton to tell if what type of files you want it to scan.
0
 
LVL 6

Assisted Solution

by:acmp
acmp earned 41 total points
Comment Utility
Hi,

Netsky.p spreads via email and P2P apps, I'd suggest you check the server for any 'unwanted' apps like Kazaa or BearShare.

If the server is not used for viewing emails then I don't think it is at risk from email infection as the server will not actually open any attachments.

The server may also be infected by another PC on your network.  I would suggest your run stinger on all your PC's.  you can add it to your login script if necessary. Get stinger from http://vil.nai.com/vil/stinger.


To run stinger use <code>\\server\share\stingerxxx /GO /Log /Silent</code>

best of luck

acmp<><
0
 
LVL 4

Assisted Solution

by:gemchest
gemchest earned 41 total points
Comment Utility
Hi dnitin,

Since you've removed and it keeps coming back, perhaps you've not patched your system properly.

http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

Anyway if you're enabling sharing of files, maybe you can disable with your network forawhile so you can find the source that keep attacking your network server. Also, off all P2P shares as this virus will propagate thru these networks.
Patch up all the computers within the network should be able to curb the spreading and it should be fine. Lastly, set your corp Norton AV to detect all probable emails with virus.

Cheers,
Luis
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now