Solved

Can't completely kill Netsky, Sober, Kukudro on a few servers.

Posted on 2006-07-10
Last Modified: 2013-12-04
A now departed engineer built three email boxes and failed to install any form of Anti-Virus on them. Now, I have things running through my network. We've managed, as far as I can tell, to whittle it down to three (oddly enough) different servers that all have any combination of Netsky, Sober and Kukudro on them. The problem is, they won't die. We think we kill them, we've run every tool we know of, but they keep coming back. Symantec deletes them every time they pop up, but there has to be a way to completely purge them. Any ideas? We've used our Symantec Enterprise, the individual Symantec removal tools, a deep information store cleaner, and various smaller AV products.
Question by:ImperialMe
Accepted Solution

by:
rindi earned 250 total points
ID: 17073128
Download the latest version of HijackThis

http://www.hijackthis.de

(Click on the „Directdownload“ link).

Run it and save the log. Paste the log to the following website:

http://www.hijackthis.de/en

Follow the following exactly:

At the bottom of the page you'll see an "ANALYZE" button. Click it and you will have an analysis of your log. Now a new button, "SAVE ANALYSIS", will show up at the bottom. Your analyzed log will be saved to a page on that homepage, of which you can post the URL here. I should then be able to see if there is any software causing problems.


Also be aware that Symantec and other AV software moves infected files to a Quarantine folder, so even if the worms or viruses aren't active anymore, they might still exist on the server, but that shouldn't worry you. Usually the AV software that made the quarantine won't report these anymore, but if you use another AV product it'll report them even if it isn't necessary.
Question has a verified solution.
