Inadvertently hit by the Netsky family, and been having troubles getting rid of it? Check this step by step removal procedure out.
Suddenly getting *.pif attachments in your emails or a bunch of very personal and realistic sounding mails from people you don't even know? That's because the Netsky family has gone primetime and spawned a million and one variants: I-Worm.Netsky.A, I-Worm.Netsky.B, I-Worm.Netsky.C, I-Worm.Netsky.D, and now even I-Worm.Netsky.E. Many people have tried updating their anti virus definitions for their respective tools, but Netsky is clever (it stores info in the Windows registry, and deletes some vital keys as well!)
Now that you know how to disable and enable System Restore, let's get cracking.
OPTION 1: THE MCAFEE WAY (STINGER)
McAfee has made a very nifty tool called Stinger available which automatically scans your computer for 39 viruses and deletes them. It's pretty simple to use, just download and execute.
- Download Stinger.
- Disable System Restore as described above. This will take your system into a reboot.
- When the computer is back again, wun Stinger from your desktop by double-clicking it. Wait, get some coffee, etc etc. This takes time.
- Optional but recommended if the first run above found some virii: Run Stinger again to make sure your PC is clean.
- Re-enable System Restore from the Control Panel > System > System Restore (checkbox).
On my machine with 120GB hard disk, 57% used, 1 GB RAM, this tool took about an hour to scan through all files. Which is probably a worthy price to pay
for the convenience of automation. Worth a shot for sure.
If and only if this doesn't work, try the next and somewhat more convoluted tool from Symantec.
OPTION 2: THE SYMANTEC WAY
Roll up your sleeves as this is can get a bit involving for people who don't know MS-DOS prompts or some Windows system functionality (although there are screenshots to boot below whenever possible)
- Download the FxNetsky.exe file. Save the file to a convenient location, e.g.,
- Download the file chktrust.exe. IMPORTANT: Save this file as the same location as above:
- Now close all programs, including the browser from which you downloaded the above applications. Then, START –> RUN, and type
This will start the MS DOS PROMPT. Here, type:
cd c:/netsky_remove chktrust -i FxNetsky.exe
Press Enter after typing each command. If the digital signature is valid, you will see the following:
"Do you want to install and run "FxNetsky.exe" signed on 3/1/2004 10:33 PM and distributed by: Symantec Corporation?"
- If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
- Disable System Restore.
- Double-click the
c:\netsky_removefolder to start the removal tool.
- Click Start to begin the process, and then allow the tool to run. Sit back and enjoy the ride. This takes time.
- When the tool has finished running, you will see a message indicating whether [email protected] infected the computer. In the case of a removal of the worm, the program displays the following results:
Total number of scanned files Number of deleted files Number of repaired files Number of terminated viral processes Number of fixed registry entries
- Reboot the computer.
- If virii were found, then run the removal tool again to ensure that the system is clean.
- If you had disabled System Restore, then re-enable it.
Let me know if this doesn't work as desired!Read More