
Sober.R - MEDIUM RISK by McAfee


#1 harrywaldron



Posted 06 October 2005 - 05:11 AM

The Sober virus family is always one to watch. This one is spreading rapidly and McAfee has declared Medium Risk. It is also very difficult to clean until enhanced cleaning capabilities are provided by AV companies.

Sober.R - MEDIUM RISK by McAfee

Other AV companies

EMAIL TO AVOID - English & German variants

Subject: Your new Password
Your password was successfully changed! Please see the attached file for detailed information.

Subject: Fwd: Klassentreffen

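ich hoffe jetzt mal das ich endlich die richtige person erwischt habe! ich habe jedenfalls mal unser klassenfoto von damals mit angehängt. wenn du dich dort wiedererkennst, dann schreibe unbedingt zurück!!

wenn ich aber wieder mal die falsche person erwischt habe, dann sorry für die belästigung ;)

[English translation: I hope I have finally reached the right person this time! In any case, I have attached our class photo from back then. If you recognize yourself in it, be sure to write back!!

But if I have got the wrong person once again, then sorry for the bother ;)]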

liebe gr

This mass-mailing email virus arrives in an email message with one of the following attachment names: KlassenFoto.zip, pword_change.zip


Cleaning this new variant is difficult, as some new techniques used by the virus writer lock down security of infected files (blocking access to files using special registry settings), so that you have to clean in SAFE MODE until McAfee releases its next DAT file (which will reset file access permissions in the registry to allow direct cleaning).

Due to the nature in which this virus operates once a machine is successfully infected, read-access to its file may be denied. The AV scanner will not be able to detect the file in this case. Because of this, if a machine is suspected to be infected, users are recommended to follow the procedure below:

1. Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode).
2. Run a system scan using the specified engine/DATs.
3. Delete files flagged as infected.
4. Restart machine in default mode.


#2 raspberry



Posted 02 January 2006 - 09:47 PM

I currently have w32/sober & spyaxe - how do I get rid of these?? and how do I avoid getting them?
help! :thumbsup:

#3 Scarlett



Posted 02 January 2006 - 09:55 PM

Hello raspberry

Please start your own topic here: http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

Be sure to include as much detail as you possibly can.

Up to and including your Operating System, and what steps you have taken so far.

OK :thumbsup:

Edited by Scarlett, 02 January 2006 - 09:56 PM.
