Solved

Can't completely kill Netsky, Sober, Kukudro on a few servers.

Posted on 2006-07-10
Last Modified: 2013-12-04
A now departed engineer built three email boxes and failed to install any form of Anti-Virus on them. Now, I have things running through my network. We've managed, as far as I can tell, to whittle it down to three (oddly enough) different servers that all have any combination of Netsky, Sober and Kukudro on them. The problem is, they won't die. We think we kill them, we've run every tool we know of, but they keep coming back. Symantec deletes them every time they pop up, but there has to be a way to completely purge them. Any ideas? We've used our Symantec Enterprise, the individual Symantec removal tools, a deep information store cleaner, and various smaller AV products.
Question by:ImperialMe

Accepted Solution

by:
rindi earned 250 total points
ID: 17073128
Download the latest version of HijackThis

http://www.hijackthis.de

(Click on the „Directdownload“ link).

Run it and save the log. Paste the log to the following website:

http://www.hijackthis.de/en

Follow the following exactly:

At the bottom of the page you'll see an "ANALYZE" button. Click it and you will have an analysis of your log. Now a new button, "SAVE ANALYSIS", will show up at the bottom. Your analyzed log will be saved to a page on that homepage, of which you can post the URL here. I should then be able to see if there is any software causing problems.


Also be aware that Symantec and other AV software moves infected files to a Quarantine folder, so even if the worms or viruses aren't active anymore, they might still exist on the server, but that shouldn't worry you. Usually the AV software that made the quarantine won't report these anymore, but if you use another AV product it'll report them even if it isn't necessary.
Question has a verified solution.
