Solved

Can't completely kill Netsky, Sober, Kukudro on a few servers.

Posted on 2006-07-10
3
152 Views
Last Modified: 2013-12-04
A now departed engineer built three email boxes and failed to install any form of Anti-Virus on them. Now, I have things running through my network. We've managed, as far as I can tell, to whittle it down to three (oddly enough) different servers that all have any combination of Netsky, Sober and Kukudro on them. The problem is, they won't die. We think we kill them, we've run every tool we know of but they keep coming back. Symantec deletes them everytime they pop up, but there has to be a way to completely purge them. Any ideas? We've used our Symantec Enterprise, the individual Symantec removal tools, a deep information store cleaner, and various smaller AV products.
0
Comment
Question by:ImperialMe
3 Comments
 
LVL 88

Accepted Solution

by:
rindi earned 250 total points
ID: 17073128
Download the latest version of HijackThis

http://www.hijackthis.de

(Click on the „Directdownload“ link).

run it and save the log. Paste the log to the following website

http://www.hijackthis.de/en

Follow the following exactly:

At the bottom of the page you'll see a "ANALYZE" button. Click it and you will have an analysis of your log. Now a new button, "SAVE ANALYSIS" will show up at the bottom. Your analyzed log will be saved to a page on that homepage, of which you can post the URL here. I should then be able to see if there is any software causing problems.


Also be aware that symantec and other AV software moves infected files to a Quarantine folder, so even if the worms or virii aren't active anymore, they might still exist on the server, but that shouldn't worry you. Usually the AV software that made the quarantine won't report these anymore, but if you use another AV product it'll report them even if it isn't necessary.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question