
Can't completely kill Netsky, Sober, Kukudro on a few servers.

Posted on 2006-07-10
Last Modified: 2013-12-04
A now departed engineer built three email boxes and failed to install any form of Anti-Virus on them. Now, I have things running through my network. We've managed, as far as I can tell, to whittle it down to three (oddly enough) different servers that all have any combination of Netsky, Sober and Kukudro on them. The problem is, they won't die. We think we kill them, we've run every tool we know of but they keep coming back. Symantec deletes them every time they pop up, but there has to be a way to completely purge them. Any ideas? We've used our Symantec Enterprise, the individual Symantec removal tools, a deep information store cleaner, and various smaller AV products.
Question by: ImperialMe
3 Comments
 
Accepted Solution

by:
rindi earned 1000 total points
ID: 17073128
Download the latest version of HijackThis

http://www.hijackthis.de

(Click on the „Directdownload“ link).

Run it and save the log. Paste the log to the following website:

http://www.hijackthis.de/en

Follow the following exactly:

At the bottom of the page you'll see an "ANALYZE" button. Click it and you will have an analysis of your log. Now a new button, "SAVE ANALYSIS", will show up at the bottom. Your analyzed log will be saved to a page on that homepage, of which you can post the URL here. I should then be able to see if there is any software causing problems.


Also be aware that Symantec and other AV software moves infected files to a Quarantine folder, so even if the worms or viruses aren't active anymore, they might still exist on the server, but that shouldn't worry you. Usually the AV software that made the quarantine won't report these anymore, but if you use another AV product it'll report them even if it isn't necessary.