News  
   Documentation  
  Help   		Training 
Labs
Contacts 		 Connecting
About   
Purchases		 Policies
TTU Home  
ITS Home


NetSky Worm

About Netsky           Removal Tool          Disable System Restore in XP

ABOUT NETSKY

This virus/worm picks up email addresses for both the "To" and "From"  portion of email messages from anywhere on the internet that there is an infection. Messages and subject lines are somewhat randomly generated. You can't tell based on the "To" and "From" where the message originated.  If you receive a suspicious message, just delete and purge the message.  If someone tells you they received an infected message from you, please realize that somewhere in the world, your email address was found and used to generate an infected message.  At many locations, a server  first screens all emails and rejects those with viruses and/or with certain kinds of attachments.   If the virus generated a message with your email address as the sender and it contains the virus and/or a prohibited type of attachment, such as .exe, then you will receive a message back from the server that your email was rejected. However, this is an automated response and the original message did not likely start at your machine.

The best defense is vigilance and keeping your virus definitions up to date. Each time a new virus appears, there will be a few hours of susceptibility before the new virus definitions can be developed and then downloaded from Norton or other antivirus providers. Remember that these messages can be generated from anywhere in the world and your email address may be in many people's address books or in other locations on the internet where the virus/worm picks them up.

REMOVAL

From Symantec's Web Site:

  1. Download the program to your computer and save it to a location you can find:  Fix NetSky Worm
  2. Close all programs before running the tool.
  3. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  4. If you are running Windows Me or XP, disable System Restore (see instructions below).
    Caution: If you are running Windows Me/XP, do not skip this step.
  5. Double-click the FxNetsky.exe file to start the removal tool.
  6. Click Start to begin the process, and then allow the tool to run.
  7. Restart the computer.
  8. Run the removal tool again to ensure that the system is clean.
  9. If you are running Windows Me/XP, next re-enable System Restore (see instructions below).
  10. Reconnect to the network.

Remember to keep all virus definitions up to date and download all Critical Updates from Microsoft for your operating system.

Disabling System Restore in Windows XP

  • Click Start.
  • Right-click My Computer
  • Select  Properties from the floating menu.
  • Click the System Restore tab.
  • Select Turn off System Restore check box.
  • Click Apply.
  • Click Yes in message box.
  • Click OK.

After the worm is removed, restart your computer and follow the steps above to deselect "Turn off System Restore".

If you need additional assistance, please contact MicroSupport@tntech.edu (372-6315)
or your College MicroSupport contact

 

Maintained by:  Academic Computing Support Last updated: April 29, 2004
TTU Home     ITS Home     Contacts     News
Copyright © Tennessee Technological University. All rights reserved.
Information Technology Services, Box 5071— Clement Hall 220, Cookeville, Tennessee 38505   Phone: 931.372.3387