how do i completely remove netsky C

[maddie]

Hi all!
I have an enduring problem with the worm netsky C.. some weeks ago i had about 4000 infected files which i deleted with a virus-scanner (antivir.de). i heard nothing for a few days and then 1 infected file which i deleted and now a few days later another infected file which i dont want to delete, because it is important!
How can i remove this worm from my computer and never get it back? does it sit somewhere and infects files from time to time??? this antivir-program is considered as one of the best freeware programs, i think.
Can anyone help me please??
maddie

[igor]

NetSky is a worm - it doesn't infect files. So, what is this important file you don't want to delete? What is its exact file name?

[maddie]

oh, okay...
the file is bibliothek.mdb and antivir says it were infected... i chose not to delete it but i didnt open it again.

[igor]

Oh, it sounds like a false alarm then... I really doubt a .mdb file could get infected.
What is this file? (what program does it belong to?)

[maddie]

it is a microsoft access file....

[igor]

Well, I know that
I mean, did you create it in Access directly, or is it a database of some application, or... ?
I'm just wondering how the worm code could get inside of the file.

What operating system do you use, by the way?

[maddie]

sorry!
yes, i directly created the file in access and i am using windows 98...

[igor]

Well, if it's Windows 98, then I think here is the explanation: Microsoft Office programs (Word, Excell, Access) are known not to initialize the memory they allocate. The Windows 9x operating system doesn't perform the initialization either. So, sometimes, the following happens: the physical memory where the virus/worm was loaded is swapped out (or deallocated) and this memory block is allocated in the Access process. The memory is not cleared - so the original virus code is still there. Access writes the important fields to the memory (fills the structure) - but some unimportant parts ("gaps") remain uninitialized (i.e. they still contain pieces of the virus code). Then, the file is saved and this memory block is written to the .mdb file. Pieces of the virus code are still inside... and avast! finds them.

You don't have to be worried about it - the virus is certainly not active (or complete) there and cannot be activated. Of course, it may be annoying that avast! detects the file as infected.
I would suggest to "compact" the database (there should be such command in Access) - I hope it will clear the unused parts of the MDB file.

[maddie]

 
thank you very much!! that sounds very good and i am really happy not to delete this file! thanks and i try the compact-the-database-thing!

[maddie]

hi again...
so - it sounded good. but my father accidentially deleted the file when starting the antivirus-program. ...!!
is there any chance to get it back ? do these programs have any quarantine place or something like that for "infected" files??
i am really p...
thanks again,
maddie

[igor]

Well, there is a Virus Chest in avast! (where you can recover the file from) - but that requires the user to instruct avast! to "Move the infected file to Chest". If the selected action was "Delete file", the file was simply deleted... (you may try some file-recovery tools in that case, but that's not 100% solution, of course )