Solved

Can't completely kill Netsky, Sober, Kukudro on a few servers.

Posted on 2006-07-10
Last Modified: 2013-12-04
A now departed engineer built three email boxes and failed to install any form of Anti-Virus on them. Now, I have things running through my network. We've managed, as far as I can tell, to whittle it down to three (oddly enough) different servers that all have any combination of Netsky, Sober and Kukudro on them. The problem is, they won't die. We think we kill them, we've run every tool we know of but they keep coming back. Symantec deletes them every time they pop up, but there has to be a way to completely purge them. Any ideas? We've used our Symantec Enterprise, the individual Symantec removal tools, a deep information store cleaner, and various smaller AV products.
Question by:ImperialMe
3 Comments
 

Accepted Solution

by: rindi earned 250 total points
ID: 17073128
Download the latest version of HijackThis

http://www.hijackthis.de

(Click on the „Directdownload“ link).

Run it and save the log. Paste the log to the following website:

http://www.hijackthis.de/en

Follow the following exactly:

At the bottom of the page you'll see an "ANALYZE" button. Click it and you will have an analysis of your log. Now a new button, "SAVE ANALYSIS", will show up at the bottom. Your analyzed log will be saved to a page on that homepage, of which you can post the URL here. I should then be able to see if there is any software causing problems.


Also be aware that Symantec and other AV software moves infected files to a Quarantine folder, so even if the worms or viruses aren't active anymore, they might still exist on the server, but that shouldn't worry you. Usually the AV software that made the quarantine won't report these anymore, but if you use another AV product it'll report them even if it isn't necessary.
Question has a verified solution.
