BleepingComputer.com: Sober.R - MEDIUM RISK by McAfee


Sober.R - MEDIUM RISK by McAfee: difficult to remove infections

#1 harrywaldron

  • Security Reporter
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender: Male
  • Location: Roanoke, Virginia

  Posted 06 October 2005 - 05:11 AM

The Sober virus family is always one to watch. This one is spreading rapidly and McAfee has declared Medium Risk. It is also very difficult to clean until enhanced cleaning capabilities are provided by AV companies.

Sober.R - MEDIUM RISK by McAfee
http://vil.nai.com/vil/content/v_136390.htm

Other AV companies
http://secunia.com/virus_information/22225/sober.s/

EMAIL TO AVOID - English & German variants

Quote

Subject: Your new Password
Body:
Your password was successfully changed! Please see the attached file for detailed information.


Quote

Subject: Fwd: Klassentreffen
Body:

ich hoffe jetzt mal das ich endlich die richtige person erwischt habe! ich habe jedenfalls mal unser klassenfoto von damals mit angehängt. wenn du dich dort wiedererkennst, dann schreibe unbedingt zurück!!

wenn ich aber wieder mal die falsche person erwischt habe, dann sorry für die belästigung ;)

liebe grüße
Rita,

English translation:

Subject: Fwd: Class reunion
Body:

i hope that this time i have finally reached the right person! in any case i have attached our class photo from back then. if you recognise yourself in it, be sure to write back!!

but if i have got hold of the wrong person yet again, then sorry for the bother ;)

kind regards
Rita,



This mass-mailing email virus arrives in an email message with one of the following attachment names: KlassenFoto.zip, pword_change.zip

SPECIAL INSTRUCTIONS FOR INFECTED PCs

Cleaning this new variant is difficult as some new techniques used by the virus writer lock down security of infected files (blocking access to the files using special registry settings), so that you have to clean in SAFE MODE until McAfee releases its next DAT file (which will reset file access permissions in the registry to allow direct cleaning).

Quote

Due to the nature in which this virus operates once a machine is successfully infected, read-access to its file may be denied. The AV scanner will not be able to detect the file in this case. Because of this, if a machine is suspected to be infected, users are recommended to follow the procedure below:

1. Reboot the system into Safe Mode (hit the F8 key as soon as the "Starting Windows" text is displayed, then choose Safe Mode).
2. Run a system scan using the specified engine/DATs.
3. Delete files flagged as infected.
4. Restart the machine in default mode.
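Added example (editor's addition, not code from McAfee, BleepingComputer or the poster above): a small mail-filter check that flags messages matching the Sober.R lures listed in this post, using the two subject lines and the two attachment names the post gives. The three sample messages, the sender addresses and the extra "zip contains an executable member" heuristic are constructed or assumed for the demonstration; the post itself only says the attachments are .zip files.

```python
"""Flag mail that matches the Sober.R lures described in the post.

Added example, not code from McAfee or the forum post. The two subject
lines and two attachment names are taken from the post; everything else
(sample messages, sender addresses, the executable-in-zip heuristic) is
constructed or assumed for this demonstration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Lure subjects and attachment names quoted in the post (compared case-insensitively)
LURE_SUBJECTS = {"your new password", "fwd: klassentreffen"}
LURE_ATTACHMENTS = {"klassenfoto.zip", "pword_change.zip"}
# Assumption, not stated in the post: a .zip whose members are executables is
# suspicious regardless of the file name used for the lure.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def classify(raw: bytes) -> dict:
    """Parse one RFC 822 message and report why (if at all) it matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    reasons = []
    if subject.strip().lower() in LURE_SUBJECTS:
        reasons.append(f"lure subject: {subject}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in LURE_ATTACHMENTS:
            reasons.append(f"lure attachment name: {name}")
        if name.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                members = []  # corrupt or not really a zip: nothing to inspect
            executables = [m for m in members if m.lower().endswith(EXECUTABLE_SUFFIXES)]
            if executables:
                reasons.append(f"zip contains executable member(s): {executables}")
    return {"subject": subject, "flagged": bool(reasons), "reasons": reasons}


def make_zip(member_name: str, data: bytes = b"MZ-not-a-real-binary") -> bytes:
    """Build an in-memory zip with one member (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_message(subject: str, body: str, attachment_name: str = "",
                  attachment_bytes: bytes = b"") -> bytes:
    """Serialise a constructed message with an optional zip attachment."""
    msg = EmailMessage()
    msg["From"] = "rita@example.invalid"  # constructed sender, not from the post
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(attachment_bytes, maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_bytes()


def sample_messages() -> list:
    """Three constructed messages: the two lures from the post and one benign mail."""
    return [
        build_message("Your new Password",
                      "Your password was successfully changed! Please see the attached file "
                      "for detailed information.",
                      "pword_change.zip", make_zip("pword_change.exe")),
        build_message("Fwd: Klassentreffen",
                      "ich habe jedenfalls mal unser klassenfoto von damals mit angehängt.",
                      "KlassenFoto.zip", make_zip("KlassenFoto.jpg")),  # name alone flags it
        build_message("Meeting notes", "Notes from today attached.",
                      "notes.zip", make_zip("notes.txt", b"plain text")),
    ]


def scan_samples() -> list:
    """Classify every constructed sample; used by the demo below and by tests."""
    return [classify(raw) for raw in sample_messages()]


if __name__ == "__main__":
    for result in scan_samples():
        status = "FLAGGED" if result["flagged"] else "ok"
        print(f"{status:8} {result['subject']!r} {result['reasons']}")
```

Matching on exact subject and attachment name is deliberately narrow, which is why the zip-member check is there: it still fires if a variant is re-sent under a different lure name, at the cost of also catching any legitimate zip that carries an executable.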


#2 raspberry

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 02-January 06

Posted 02 January 2006 - 09:47 PM

Hello,
I currently have w32/sober & spyaxe - how do I get rid of these? And how do I avoid getting them?
help! :thumbsup:

#3 Scarlett

  • Bleeping Diva
  • Group: Members
  • Posts: 7,479
  • Joined: 25-April 04
  • Gender: Female
  • Location: As always I'm beside myself ;)

Posted 02 January 2006 - 09:55 PM

Hello raspberry

Please start your own topic here: http://www.bleepingcomputer.com/forums/forum25.html

Be sure to include as much detail as you possibly can.

Up to and including your Operating System, and what steps you have taken so far.

OK :thumbsup:

This post has been edited by Scarlett: 02 January 2006 - 09:56 PM


