How to Remove the NetSky Virus

By ABC News
March 3, 2004, 1:05 PM

March 4 -- Unlike other recent computer e-mail bugs, Netsky.C does not exploit any holes in Microsoft's Internet Explorer or Outlook programs and infects only by running an executable file.

All antivirus vendors we've seen have updates that detect the virus, though some have been able to detect Netsky heuristically. If you keep your antivirus up to date, and avoid opening attachments and running suspicious files, you will be relatively safe.

Clearing infected machines is easiest with your updated antivirus tool. If you don't have one, you can use Symantec's Netsky removal tool (www.sarc.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html), which works for either Netsky.B or Netsky.C.

You can also use TrendMicro's Housecall (housecall.trendmicro.com), McAfee Stinger (vil.nai.com/vil/stinger/), or Panda Software's ActiveScan (www.pandasoftware.com/activescan/com/activescan_principal.htm).

How To Remove Netsky Manually

Disable System Restore if you're using Windows ME or XP. (More information here: http://support.microsoft.com/default.aspx?kbid=283073) When you make changes to your system, Windows creates a restoration checkpoint. If it does this while the system is infected, the virus may come back to re-infect the system later.

Restart the computer in Safe Mode. Since W32/Netsky.C creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary. Using Safe Mode prevents Windows from loading drivers and auto-run entries, so your system boots relatively clean.

Run a full system scan with an updated antivirus scanner (or one of the online scanners mentioned above). If your scanner gives you the option, also scan mapped drives to find any copies left in Shared folders. If your scanner does not remove everything, follow the next few steps.

Your antivirus software should, during detection, produce a list of files associated with the Netsky.C or Moodoom.c virus (the name depends on the scanner). Delete all these files. The files will typically be in the Windows system folder, the location of which depends on which version of Windows you're running. You will also have to delete any files in the Shared folders on mapped drives.