
W32.Netsky.P@mm worm blocking my OE


8 replies to this topic

#1 Hopeful

Hopeful

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 July 2004 - 04:30 PM

Gentlemen, I have a Dell 4500 PC with Windows XP Home and SP-1, floppy disk,
CD-RW & DVD drives and 80GB hard drive. (70GB free). I have Norton Antivirus 2003 and Norton Ghost Image for backup.

My problem started about a week ago when I opened OE to read my mail. NAV flashed a window saying they had deleted the first mail which was called a worm &
listed as : id04009.zip W32.Netsky.P@mm. Auto. Deleted
No. 2 : about you (my address).zip W32.Netsky.P@mm Auto. Deleted
No. 3 : CC981.tmp W32.Netsky.P@mm Repair failed
Quarantined the third one.

When my inbox finally opened there were three other messages with attachments listed as: k.messner@intier.com 0i09u5rug08r895gjrg The next one was a duplicate. The third was 41200411192340306 Private document.

I did not open any but deleted them from the screen. I did a PrintScreen copy and printed them out for myself.

After four of these NAV windows warnings, my ISP shuts down the mail program with an 00800 error warning and no more mail gets through.

I ran Ad-Aware and Spybot S&D with clean results.

I contacted Symantec service on the web and downloaded their W32.Netsky Fixtool. They recommended disabling System Restore which I did following a copy of your tutorial on the same.

They also recommended using Safe Mode to run the program which I did following a copy of another of your tutorials on the subject. My first time using Safe Mode.

I also ran a Symantec Virus check while in safe mode. Clean!

The results of the Fixtool were also clean.

I have all the latest downloads from MS according to Windows Update.

I enabled System Restore again.

When I opened my inbox again, the same warning came up about infection from W32.Netsky.P@mm. At the moment I'm leaving OE alone and using my ISP to communicate when I have to.

I would appreciate any suggestions you might have from this point on.


Hopeful


 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 22 July 2004 - 08:55 PM

It is possible that you are receiving emails that contain these viruses. Norton scans the emails as they come in and if it detects some viruses in them it will alert you. That does not mean you are infected, just that it is detecting it from the emails.

#3 Hopeful

Hopeful
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 July 2004 - 10:03 PM

Thank you Grinler for the quick reply.

I thought that would be your response and guess I was looking for approval for the way I went about troubleshooting the problem.

I'm glad that my AV is catching this worm, but it's annoying having to wait for the OE to open to my Inbox each time.

Since my e-mail is downloaded from my ISP, shouldn't their program filter out this virus activity before it reaches my inbox? I should probably contact them with that question? What do you think?

Their system is much slower than OE and not as handy to use.

Thanks again.

Hopeful

#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:33 AM

Posted 23 July 2004 - 08:22 AM

Since my e-mail is downloaded from my ISP, shouldn't their program filter out this virus activity before it reaches my inbox?

Believe it or not, most ISPs do NOT run AV on their servers. If they have a huge mail load they don't want to slow it down by scanning every email. So they leave the protection up to you. I just had an exchange about this subject with www.myway.com where I have been receiving the Netsky virus in a zipped email every day now for a week. I offered a solution...they replied "we're looking into it". So don't expect your ISP to run out and protect you.

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 23 July 2004 - 03:18 PM

Well, maybe I can offer a different perspective on this as I work for an ISP.

Most ISPs do not offer it because, as raw said, it would be a huge draw on resources to scan every email coming in. Second, most ISPs sell the antivirus as an extra feature where they can make more money. Third, when an ISP starts filtering viruses you now have much greater liability if one sneaks through and causes havoc. Fourth, false positives happen and legitimate mail gets quarantined. Now it becomes an administrative overhead to resolve that.

#6 Hopeful

Hopeful
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 23 July 2004 - 04:51 PM

Thank you all,

I can understand why ISPs will not or cannot check each e-mail now. You saved me from a few more days of communication with my ISP.

I would appreciate your thoughts on an alternative system to OE since it is the target of malware developers. I think I read something about Mozilla mentioned in one of your forums, but don't remember where.

Many thanks for your expert reports so far.

Hopeful

#7 Hopeful

Hopeful
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 27 July 2004 - 06:20 PM

Gentlemen, I think you can consider this topic now. My OE program hasn't received any more worm infected mail for four days now. What a relief!

Thanks for your kind help and expertise.

Hopeful

#8 Hopeful

Hopeful
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 27 July 2004 - 06:27 PM

Hi guys, I should have previewed my reply. I think you can consider this topic closed now. My OE hasn't had a worm infected mail in four days now.

Thanks for your responses and expertise. I'm a happy guy!

Hopeful

#9 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:33 AM

Posted 27 July 2004 - 08:06 PM

Hopeful,
That's great news, glad it worked out. I'd like to leave you with this suggestion.
A truly wonderful email client from the Mozilla folks. Replaces OE, has spam filters and much more (and no security holes like OE). Check it out: Mozilla Thunderbird





