Full Version: Sober.R - MEDIUM RISK by McAfee
harrywaldron
The Sober virus family is always one to watch. This one is spreading rapidly and McAfee has declared Medium Risk. It is also very difficult to clean until enhanced cleaning capabilities are provided by AV companies.

Sober.R - MEDIUM RISK by McAfee
http://vil.nai.com/vil/content/v_136390.htm

Other AV companies
http://secunia.com/virus_information/22225/sober.s/

EMAIL TO AVOID - English & German variants

QUOTE
Subject:  Your new Password
Body:
Your password was successfully changed! Please see the attached file for detailed information.


QUOTE
Subject : Fwd: Klassentreffen
Body:

ich hoffe jetzt mal das ich endlich die richtige person erwischt habe! ich habe jedenfalls mal unser klassenfoto von damals mit angehängt. wenn du dich dort wiedererkennst, dann schreibe unbedingt zurück!!

wenn ich aber wieder mal die falsche person erwischt habe, dann sorry für die belästigung ;)

liebe gr
Rita,



This mass-mailing email virus arrives in an email message with one of the following attachment names: KlassenFoto.zip, pword_change.zip

SPECIAL INSTRUCTIONS FOR INFECTED PCs

Cleaning this new variant is difficult, as some new techniques used by the virus writer lock down security of infected files (blocking access to files using special registry settings), so that you have to clean in SAFE MODE until McAfee releases its next DAT file (which will reset file access permissions in the registry to allow direct cleaning).

QUOTE
Due to the nature in which this virus operates once a machine is successfully infected, read-access to its file may be denied. The AV scanner will not be able to detect the file in this case. Because of this, if a machine is suspected to be infected, users are recommended to follow the procedure below:

Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode).
Run a system scan using the specified engine/DATs.
Delete files flagged as infected
Restart machine in default mode.
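
A mail-gateway style check for the subjects and attachment names listed in the post above, as an added example that is not part of the original post or of any vendor's tooling. The function names, the sample addresses and the constructed test messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the post above, compared case-insensitively.
SOBER_ATTACHMENTS = {"klassenfoto.zip", "pword_change.zip"}
SOBER_SUBJECTS = {"your new password", "fwd: klassentreffen"}


def sober_indicators(raw_message: bytes) -> list:
    """Return the reasons a raw message matches the indicators in the post."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    # Collapse runs of whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SOBER_SUBJECTS:
        reasons.append("subject: " + subject)
    for part in msg.walk():
        # get_filename() decodes RFC 2231 / RFC 2047 encoded file names.
        name = part.get_filename()
        if name and name.strip().lower() in SOBER_ATTACHMENTS:
            reasons.append("attachment: " + name.strip())
    return reasons


def should_quarantine(raw_message: bytes) -> bool:
    """Quarantine on an attachment-name match; a subject alone is too weak."""
    return any(r.startswith("attachment:") for r in sober_indicators(raw_message))


def build_sample(subject, filename=None) -> bytes:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"   # hypothetical addresses
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file for detailed information.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Your new Password", "PWORD_CHANGE.ZIP"),
                        ("Fwd: Klassentreffen", None),
                        ("Meeting notes", "notes.zip")]:
        raw = build_sample(subj, fname)
        print(subj, "->", sober_indicators(raw), should_quarantine(raw))
```
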
raspberry
Hello,
I currently have w32/sober & spyaxe - how do I get rid of these?? and how do I avoid getting them?
help!
Scarlett
Hello raspberry

Please start your own topic here: http://www.bleepingcomputer.com/forums/forum25.html

Be sure to include as much detail as you possibly can.

Up to and including your Operating System, and what steps you have taken so far.

OK