F - N E T S K Y --------------- The F-NetSky utility disinfects computers infected with the following Netsky worm variants: W32/NetSky.A@mm (also known as Moodown) W32/NetSky.B@mm W32/NetSky.C@mm W32/NetSky.D@mm W32/NetSky.E@mm W32/NetSky.F@mm W32/NetSky.G@mm W32/NetSky.H@mm W32/NetSky.I@mm W32/NetSky.J@mm W32/NetSky.K@mm W32/NetSky.L@mm W32/NetSky.M@mm W32/NetSky.N@mm W32/NetSky.O@mm W32/NetSky.P@mm W32/NetSky.Q@mm W32/NetSky.R@mm W32/NetSky.S@mm W32/NetSky.T@mm W32/NetSky.U@mm W32/NetSky.V@mm W32/NetSky.W@mm W32/NetSky.X@mm W32/NetSky.Y@mm W32/NetSky.Z@mm W32/NetSky.AA@mm W32/NetSky.AB@mm W32/NetSky.AC@mm W32/NetSky.AD@mm Disinfection procedure should be as follows: 1. Unpack the F-NetSky utility from the provided ZIP archive either with WinZip or PkUnzip utilities. A trial version of WinZip archiver can be downloaded from the following website: http://www.winzip.com/ddchomea.htm 2. Run the unpacked F-NetSky.exe file from a hard disk to eliminate the infection. You can run the utility by either doubleclicking on it from Windows Explorer or you can start it from a command interpreter (COMMAND.COM or CMD.EXE) by typing its name at command prompt and pressing 'Enter' (for advanced users). First the F-NetSky utility will kill NetSky worm's processes in memory. Then the utility will remove Registry entries created by the worm. Finally the utility will scan all hard drives for infected files and delete them. 3. Restart a computer. After restart your system should be clean. You can get a trial version of F-Secure Anti-Virus and the latest updates for it from our website: http://www.europe.f-secure.com/download-purchase/list.shtml http://www.europe.f-secure.com/download-purchase/updates.shtml IMPORTANT NOTES --------------- If NetSky infection is in a network environment, then the network should be temporarily taken down before all workstations and servers are disinfected. A single infected workstation can re-infect already cleaned computers. However if FSAV 5.40 or a later version is installed on computers connected to a network, it is recommended to set disinfection action of the On-Access Scanner (OAS) to 'Disinfect Automatically'. This will protect already cleaned workstations connected to an infected network from further re-infection by the worm. If a computer with Windows NT, 2000 or XP system is being disinfected, please log in as Administrator or as a user with local admin rights, otherwise the F-NetSky utility might not disinfect the system correctly. If you have Windows ME or XP, it is recommended to disable System Restore feature of these operating systems to prevent your computer from re-infection with NetSky worm. The fact is that System Restore feature of these operating systems might save the infected file into the special folder and copy it back to a hard drive it every time it's been deleted by F-NetSky utility. The instructions on how to disable System Restore feature are here: Windows ME: http://www.europe.f-secure.com/v-descs/sfc_dis.shtml Windows XP: http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml If you have any problems using this utility please contact us on 'anti-virus-support@f-secure.com' address. Copyright (C) 2004 F-Secure Corporation. All rights reserved.