W32/Netsky.d.eml!exe virus keeps attempting to attack inetinfo.exe within IIS

Hi Guys,

I have problem where the above virus keeps trying to attack inetinfo.exe. Its not being successful as IIS still works ok. However the virus scanner i am using which is MCAfee VirusScan Enterprise 8.0! keeps reporting that it finds the virus, but failed to move or delete it.

I have to manually browser to the folder and delete the relevant file.

Is there anything i can do from an IIS point of view to prevent this occuring?

The package that is being used on the Windows 2000 IIS Server is GFI MailSecurity that uses IIS. The pachage is an email content checking package that scans all inbound/outbound emails for viruses using Norman Anti-Virus and a few others. The MCAfee virus scanner, protects the Windows 2000 OS.


Who is Participating?
try at http://vil.nai.com/vil/stinger

It will be there.
WadskiIT DirectorCommented:
Hi there biggiesmallzz,

Have the server been infected with the virus?  W32/Netsky.d removal tool: http://www.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html

Are your virus definitions for GFI MailSecurity upto date?  As this should be preventing it affecting your Server and your clients.  

Please visit www.vil.nai.com/vil/stinger to download the stinger tool. Once done run it with the repair option.
Mcafee may not be able to remove it normally. You may need to boot in safe mode and run the virus guard.
Always run the first scan as repair. It will give you an idea of whats infected and safeguard against accidentally deleting required files.
biggiesmallzzAuthor Commented:
I ran the Symantec netsky removal tool and it did not find any variants of the virus.

The Mcafee tool i could not find.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.