
Virus: w32.netsky.p@mm

VicenteS

New Pleskian
Hi!

This is the first time I have posted here, and I do not know if this is the right place.

I have Plesk for Linux 9.2 with DrWeb activated. My emails have been cleaned of viruses until last week; now I'm receiving the same virus, w32.netsky.p@mm (attached in a zip file), many times, but DrWeb isn't capable of detecting it (my desktop antivirus sometimes can, and at other times it forces me to restart to be sure).

Can you help me? Is there any way to update DrWeb? Why isn't it detecting this virus when there is no problem with others?

Thanks.
 
Hi IgorG, thanks for answering.

I think the cronjob is running; this is my drweb update directory:

/var/drweb/updates# ls -al
total 6,4M
-rw-r--r-- 1 drweb drweb 11K 2009-09-15 11:02 drw50000.txt
-rw-r--r-- 1 drweb drweb 6,9K 2009-09-15 11:02 drw50001.txt
-rw-r--r-- 1 drweb drweb 2,2K 2009-09-15 11:02 drw50002.txt
-rw-r--r-- 1 drweb drweb 19K 2009-09-15 11:02 drw50003.txt
-rw-r--r-- 1 drweb drweb 38K 2009-09-15 11:02 drw50004.txt
-rw-r--r-- 1 drweb drweb 44K 2009-09-15 11:02 drw50005.txt
-rw-r--r-- 1 drweb drweb 22K 2009-09-15 11:02 drw50006.txt
-rw-r--r-- 1 drweb drweb 28K 2009-09-15 11:02 drw50007.txt
-rw-r--r-- 1 drweb drweb 64K 2009-09-15 11:02 drw50008.txt
-rw-r--r-- 1 drweb drweb 51K 2009-09-15 11:02 drw50009.txt
-rw-r--r-- 1 drweb drweb 65K 2009-09-15 11:02 drw50010.txt
-rw-r--r-- 1 drweb drweb 22K 2009-09-15 11:02 drw50011.txt
-rw-r--r-- 1 drweb drweb 40K 2009-09-15 11:02 drw50012.txt
-rw-r--r-- 1 drweb drweb 51K 2009-09-15 11:02 drw50013.txt
-rw-r--r-- 1 drweb drweb 47K 2009-09-15 11:02 drw50014.txt
-rw-r--r-- 1 drweb drweb 61K 2009-09-15 11:02 drw50015.txt
-rw-r--r-- 1 drweb drweb 74K 2009-09-15 11:02 drw50016.txt
-rw-r--r-- 1 drweb drweb 69K 2009-09-15 11:02 drw50017.txt
-rw-r--r-- 1 drweb drweb 43K 2009-09-15 11:02 drw50018.txt
-rw-r--r-- 1 drweb drweb 33K 2009-09-15 11:02 drw50019.txt
-rw-r--r-- 1 drweb drweb 81K 2009-09-15 11:02 drw50020.txt
-rw-r--r-- 1 drweb drweb 57K 2009-09-15 11:02 drw50021.txt
-rw-r--r-- 1 drweb drweb 60K 2009-09-15 11:02 drw50022.txt
-rw-r--r-- 1 drweb drweb 44K 2009-09-15 11:02 drw50023.txt
-rw-r--r-- 1 drweb drweb 27K 2009-09-15 11:02 drw50024.txt
-rw-r--r-- 1 drweb drweb 74K 2009-09-15 11:02 drw50025.txt
-rw-r--r-- 1 drweb drweb 31K 2009-09-15 11:02 drw50026.txt
-rw-r--r-- 1 drweb drweb 73K 2009-09-15 11:02 drw50027.txt
-rw-r--r-- 1 drweb drweb 34K 2009-09-15 11:02 drw50028.txt
-rw-r--r-- 1 drweb drweb 26K 2009-09-15 11:02 drw50029.txt
-rw-r--r-- 1 drweb drweb 26K 2009-09-15 11:02 drw50030.txt
-rw-r--r-- 1 drweb drweb 85K 2009-09-15 11:02 drw50031.txt
-rw-r--r-- 1 drweb drweb 103K 2009-09-15 11:02 drw50032.txt
-rw-r--r-- 1 drweb drweb 31K 2009-09-15 11:02 drw50033.txt
-rw-r--r-- 1 drweb drweb 32K 2009-09-15 11:02 drw50034.txt
-rw-r--r-- 1 drweb drweb 85K 2009-09-15 11:02 drw50035.txt
-rw-r--r-- 1 drweb drweb 66K 2009-09-15 11:02 drw50036.txt
-rw-r--r-- 1 drweb drweb 115K 2009-09-15 11:02 drw50037.txt
-rw-r--r-- 1 drweb drweb 135K 2009-09-15 11:02 drw50038.txt
-rw-r--r-- 1 drweb drweb 67K 2009-09-15 11:02 drw50039.txt
-rw-r--r-- 1 drweb drweb 106K 2009-10-06 14:33 drw50040.txt
-rw-r--r-- 1 drweb drweb 60K 2009-09-15 11:02 drw50041.txt
-rw-r--r-- 1 drweb drweb 60K 2009-09-15 11:02 drw50042.txt
-rw-r--r-- 1 drweb drweb 72K 2009-09-20 23:31 drw50043.txt
-rw-r--r-- 1 drweb drweb 93K 2009-09-27 22:01 drw50044.txt
-rw-r--r-- 1 drweb drweb 38K 2009-10-04 23:30 drw50045.txt
-rw-r--r-- 1 drweb drweb 68K 2009-10-16 10:30 drw50046.txt
-rw-r--r-- 1 drweb drweb 233K 2009-10-19 08:42 drw50047.txt
-rw-r--r-- 1 drweb drweb 532K 2009-11-09 18:00 drw50048.txt
-rw-r--r-- 1 drweb drweb 509K 2009-11-09 18:00 drw50049.txt
-rw-r--r-- 1 drweb drweb 523K 2009-11-09 09:01 drw50050.txt
-rw-r--r-- 1 drweb drweb 509K 2009-11-15 22:30 drw50051.txt
-rw-r--r-- 1 drweb drweb 654K 2009-11-23 14:31 drw50052.txt
-rw-r--r-- 1 drweb drweb 274K 2009-11-30 12:03 drw50053.txt
-rw-r--r-- 1 drweb drweb 190K 2009-12-04 00:01 drwdaily.txt
-rw-r--r-- 1 drweb drweb 11K 2007-10-21 20:55 drwnasty.txt
-rw-r--r-- 1 drweb drweb 9,7K 2007-10-21 20:55 drwrisky.txt
-rw-r--r-- 1 drweb drweb 14K 2009-12-04 02:30 drwtoday.txt
-rw-r--r-- 1 drweb drweb 11K 2009-09-15 11:02 dwn50001.txt
-rw-r--r-- 1 drweb drweb 18K 2009-09-15 11:02 dwn50002.txt
-rw-r--r-- 1 drweb drweb 9,5K 2009-09-15 11:02 dwn50003.txt
-rw-r--r-- 1 drweb drweb 11K 2009-09-15 11:02 dwn50004.txt
-rw-r--r-- 1 drweb drweb 8,7K 2009-10-11 23:30 dwn50005.txt
-rw-r--r-- 1 drweb drweb 11K 2009-10-19 08:42 dwn50006.txt
-rw-r--r-- 1 drweb drweb 15K 2009-10-25 22:30 dwn50007.txt
-rw-r--r-- 1 drweb drweb 28K 2009-11-01 22:00 dwn50008.txt
-rw-r--r-- 1 drweb drweb 17K 2009-11-09 09:01 dwn50009.txt
-rw-r--r-- 1 drweb drweb 18K 2009-11-15 22:30 dwn50010.txt
-rw-r--r-- 1 drweb drweb 18K 2009-12-04 02:30 dwntoday.txt
-rw-r--r-- 1 drweb drweb 8,4K 2009-09-15 11:02 dwr50001.txt
-rw-r--r-- 1 drweb drweb 5,2K 2009-09-15 11:02 dwr50002.txt
-rw-r--r-- 1 drweb drweb 6,3K 2009-10-19 08:42 dwr50003.txt
-rw-r--r-- 1 drweb drweb 10K 2009-11-01 22:00 dwr50004.txt
-rw-r--r-- 1 drweb drweb 12K 2009-11-15 22:30 dwr50005.txt
-rw-r--r-- 1 drweb drweb 6,4K 2009-12-04 02:30 dwrtoday.txt
-rw-r--r-- 1 drweb drweb 10 2009-12-04 02:30 timestamp

Last update is today at 2.30.

I've just received another 4 messages with the virus (the same virus) and DrWeb couldn't detect them.

Thanks for your help.
 
You can verify if drweb or other AV scanners can still detect this at: http://www.virustotal.com

It is not uncommon for updates to either expire older AV signatures, or to break them under certain conditions. That's why we always recommend running at least 3 scanners.
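
An added example, not part of the original thread: before checking a suspicious mail against a multi-scanner service as suggested above, hash both the zip attachment and the files inside it, so that results for the archive and for the unpacked file can be compared separately. The function names, the size cap and the sample message are constructed for illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage


def attachment_hashes(raw_message: bytes, max_member=20 * 1024 * 1024):
    """Return (name, sha256) pairs for each attachment and each zip member.

    max_member is an assumed cap so an oversized member is never unpacked.
    """
    results = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        results.append((name, hashlib.sha256(data).hexdigest()))
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.flag_bits & 0x1:  # password-protected member
                        digest = "encrypted"
                    elif info.file_size > max_member:
                        digest = "too-large"
                    else:
                        digest = hashlib.sha256(zf.read(info)).hexdigest()
                    results.append((f"{name}!{info.filename}", digest))
        except zipfile.BadZipFile:
            results.append((name, "unreadable-zip"))
    return results


def build_sample() -> bytes:
    """Constructed message: a zip attachment holding one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(attachment_hashes(build_sample()))
```

Members reported as "encrypted" cannot be hashed or scanned without the password, so they need separate handling.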
 
I've just checked on that page and this is the result:

http://www.virustotal.com/analisis/...459564b059cab1a35a3cec4b3c270d4525-1260800475

DrWeb is not detecting the virus yet.

I do not know if the link to the analysis will be permanent or not, so here is a summary of the result:

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.14 Email-Worm.Win32.NetSky!IK
AhnLab-V3 5.0.0.2 2009.12.14 Win32/Netsky.worm.29568
AntiVir 7.9.1.108 2009.12.14 Worm/Netsky.AP
Antiy-AVL 2.0.3.7 2009.12.14 Worm/Win32.NetSky
Authentium 5.2.0.5 2009.12.02 W32/Netsky.P@mm
Avast 4.8.1351.0 2009.12.14 Win32:Netsky-AF
AVG 8.5.0.427 2009.12.14 I-Worm/Netsky
BitDefender 7.2 2009.12.14 Win32.Netsky.P@mm
CAT-QuickHeal 10.00 2009.12.14 W32.NetSky.P
ClamAV 0.94.1 2009.12.14 Worm.NetSky-14
Comodo 3241 2009.12.14 Worm.Win32.Netsky.Q
DrWeb 5.0.0.12182 2009.12.14 Win32.HLLM.Netsky.18401
eSafe 7.0.17.0 2009.12.13 Win32_Netsky_Q
eTrust-Vet 35.1.7174 2009.12.14 Win32/Netsky.P
F-Prot 4.5.1.85 2009.12.14 W32/Netsky.P@mm
F-Secure 9.0.15370.0 2009.12.14 Win32.Netsky.P@mm
Fortinet 4.0.14.0 2009.12.14 W32/Netsky.P!dam
GData 19 2009.12.14 Win32.Netsky.P@mm
Ikarus T3.1.1.74.0 2009.12.14 Email-Worm.Win32.NetSky
Jiangmin 13.0.900 2009.12.14 I-Worm/NetSky.q
K7AntiVirus 7.10.920 2009.12.14 Email-Worm.Win32.NetSky.q
Kaspersky 7.0.0.125 2009.12.14 Email-Worm.Win32.NetSky.q
McAfee 5831 2009.12.13 W32/Netsky.p@MM
McAfee+Artemis 5831 2009.12.13 W32/Netsky.p@MM
McAfee-GW-Edition 6.8.5 2009.12.14 Heuristic.LooksLike.Win32.Packed.A
Microsoft 1.5302 2009.12.14 Worm:Win32/Netsky.P@mm
NOD32 4686 2009.12.14 Win32/Netsky.Q
Norman 6.04.03 2009.12.14 Netsky.P@mm
nProtect 2009.1.8.0 2009.12.14 Worm/W32.NetSky.29568
Panda 10.0.2.2 2009.12.13 W32/Netsky.P.worm
PCTools 7.0.3.5 2009.12.14 Email-Worm.NetSky
Rising 22.26.00.04 2009.12.14 Worm.Mail.NetSky.la
Sophos 4.48.0 2009.12.14 W32/Netsky-P
Sunbelt 3.2.1858.2 2009.12.14 Email-Worm.Win32.NetSky.q
Symantec 1.4.4.12 2009.12.14 W32.Netsky.P@mm
TheHacker 6.5.0.2.092 2009.12.12 W32/Netsky(2).gen@MM
TrendMicro 9.100.0.1001 2009.12.14 WORM_NETSKY.P
VBA32 3.12.12.0 2009.12.13 Email-Worm.Win32.NetSky.q
ViRobot 2009.12.14.2087 2009.12.14 I-Worm.Win32.Netsky.29568
VirusBuster 5.0.21.0 2009.12.13 I-Worm.Netsky.Q1

Additional information
File size: 29568 bytes
MD5   : 3018e99857f31a59e0777396ae634a8f
SHA1  : 7031cfe76ee7b2c925f2c00372fb9ef7f983f60c
SHA256: c8fffb2e737514c551b2d7bcaf8baa459564b059cab1a35a3cec4b3c270d4525
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12000
timedatestamp.....: 0x0 (Thu Jan 1 01:00:00 1970)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
t 0x1000 0xA000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
ta 0xB000 0x7000 0x6F74 7.97 57fa7446ba511553d1cf2b2fbb1939e6
a 0x12000 0x1000 0x200 4.61 405140935b14cd4c833fc9c8f4fae9ee

( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress

( 0 exports )

TrID  : File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=3018e99857f31a59e0777396ae634a8f
ssdeep: 768:vWkliAnUQYkYKzqbjC5RqHjrYReyZx+l0oKriCPRDL:+ySsz6jGeyZx+l0TR
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=CB5026F880673C2773380051CE4DB6004FFAFEE9
PEiD  : FSG v1.00 (Eng) -> dulek/xt
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3018e99857f31a59e0777396ae634a8f
RDS   : NSRL Reference Data Set
-
 
Seems it is much more a DrWeb-related problem than a Plesk one. Did you try contacting the DrWeb guys regarding this virus?
 