Inad­ver­tently hit by the Net­sky fam­ily, and been hav­ing trou­bles get­ting rid of it? Check this step by step removal pro­ce­dure out.

Sud­denly get­ting *.pif attach­ments in your emails or a bunch of very per­sonal and real­is­tic sound­ing mails from peo­ple you don't even know? That's because the Net­sky fam­ily has gone prime­time and spawned a mil­lion and one vari­ants: I-Worm.Netsky.A, I-Worm.Netsky.B, I-Worm.Netsky.C, I-Worm.Netsky.D, and now even I-Worm.Netsky.E. Many peo­ple have tried updat­ing their anti virus def­i­n­i­tions for their respec­tive tools, but Net­sky is clever (it stores info in the Win­dows reg­istry, and deletes some vital keys as well!)

I use Grisoft's won­der­ful AVG tool, which is great if you had it BEFORE the Net­sky virus (but then I also use a com­bi­na­tion of Spam Assas­sin and Cla­mav)

Now that you know how to dis­able and enable Sys­tem Restore, let's get cracking.

OPTION 1: THE MCAFEE WAY (STINGER)

McAfee has made a very nifty tool called Stinger avail­able which auto­mat­i­cally scans your com­puter for 39 viruses and deletes them. It's pretty sim­ple to use, just down­load and execute.

• Down­load Stinger.
• Dis­able Sys­tem Restore as described above. This will take your sys­tem into a reboot.
• When the com­puter is back again, wun Stinger from your desk­top by double-clicking it. Wait, get some cof­fee, etc etc. This takes time.
• Reboot.
• Optional but rec­om­mended if the first run above found some virii: Run Stinger again to make sure your PC is clean.
• Reboot.
• Re-enable Sys­tem Restore from the Con­trol Panel > Sys­tem > Sys­tem Restore (checkbox).

On my machine with 120GB hard disk, 57% used, 1 GB RAM, this tool took about an hour to scan through all files. Which is prob­a­bly a wor­thy price to pay
for the con­ve­nience of automa­tion. Worth a shot for sure.

If and only if this doesn't work, try the next and some­what more con­vo­luted tool from Symantec.

OPTION 2: THE SYMANTEC WAY

Roll up your sleeves as this is can get a bit involv­ing for peo­ple who don't know MS-DOS prompts or some Win­dows sys­tem func­tion­al­ity (although there are screen­shots to boot below when­ever possible)

• Down­load the FxNetsky.exe file. Save the file to a con­ve­nient loca­tion, e.g.,

  c:\netsky_remove

• Down­load the file chktrust.exe. IMPORTANT: Save this file as the same loca­tion as above:

  c:\netsky_remove

• Now close all pro­grams, includ­ing the browser from which you down­loaded the above appli­ca­tions. Then, START –> RUN, and type

  cmd

  This will start the MS DOS PROMPT. Here, type:

  cd c:/netsky_remove
  chktrust -i FxNetsky.exe

  Press Enter after typ­ing each com­mand. If the dig­i­tal sig­na­ture is valid, you will see the following:

  "Do you want to install and run "FxNetsky.exe"
  signed on 3/1/2004 10:33 PM and distributed by:
  Symantec Corporation?"

• If you are on a net­work or if you have a full-time con­nec­tion to the Inter­net, dis­con­nect the com­puter from the net­work and the Internet.
• Dis­able Sys­tem Restore.
• Double-click the FxNetsky.exe in your c:\netsky_remove folder to start the removal tool.
• Click Start to begin the process, and then allow the tool to run. Sit back and enjoy the ride. This takes time.
• When the tool has fin­ished run­ning, you will see a mes­sage indi­cat­ing whether [email protected] infected the com­puter. In the case of a removal of the worm, the pro­gram dis­plays the fol­low­ing results:

  Total number of scanned files
  Number of deleted files
  Number of repaired files
  Number of terminated viral processes
  Number of fixed registry entries

• Reboot the computer.
• If virii were found, then run the removal tool again to ensure that the sys­tem is clean.
• If you had dis­abled Sys­tem Restore, then re-enable it.

Let me know if this doesn't work as desired!