Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Sober.R - MEDIUM RISK by McAfee and difficult to remove

The Sober virus family is always one to watch. This variant is spreading rapidly, and McAfee has declared it Medium Risk. It is also very difficult to clean until AV companies provide enhanced cleaning capabilities.

Sober.R - MEDIUM RISK by McAfee
http://vil.nai.com/vil/content/v_136390.htm

Other AV companies
http://secunia.com/virus_information/22225/sober.s/

EMAIL TO AVOID - English & German variants
Subject: Your new Password
Body: Your password was successfully changed! Please see the attached file for detailed information.

This mass-mailing email virus arrives in an email message with one of the following attachment names: KlassenFoto.zip, pword_change.zip
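
As an added example (not part of the original post or of McAfee's advisory), a mail-gateway style check can flag messages that carry the subject or attachment names listed above. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text. Only the English subject is listed
# there, so German variants are caught by attachment name alone.
SUSPECT_SUBJECTS = {"your new password"}
SUSPECT_ATTACHMENTS = {"klassenfoto.zip", "pword_change.zip"}


def sober_r_indicators(raw_bytes):
    """Return the advisory indicators found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject in SUSPECT_SUBJECTS:
        reasons.append("subject")
    # walk() also visits parts inside nested multipart containers.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() in SUSPECT_ATTACHMENTS:
            reasons.append("attachment:" + name.strip())
    return reasons


def build_sample(subject, filename=None):
    """Construct a test message (sample data, not a captured Sober.R mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="zip",
                         filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, att in [("Your new Password", "pword_change.zip"),
                      ("Klassenfoto", "KLASSENFOTO.ZIP"),
                      ("Meeting notes", "notes.zip")]:
        hits = sober_r_indicators(build_sample(subj, att))
        print(subj, "->", hits or "clean")
```

A message that matches on either indicator is a candidate for quarantine; matching is case-insensitive because attachment names are not guaranteed to keep the casing shown in the advisory.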

SPECIAL INSTRUCTIONS FOR INFECTED PCs

Cleaning this new variant is difficult because the virus writer uses some new techniques that lock down the security of infected files (access to the files is blocked using special registry settings). You have to clean in SAFE MODE until McAfee releases its next DAT file, which will reset file access permissions in the registry to allow direct cleaning.

Quote:

Due to the nature in which this virus operates once a machine is successfully infected, read-access to its file may be denied. The AV scanner will not be able to detect the file in this case. Because of this, if a machine is suspected to be infected, users are recommended to follow the procedure below:

Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, then choose Safe Mode).
Run a system scan using the specified engine/DATs.
Delete files flagged as infected.
Restart machine in default mode.

Comments

TrackBack said:

# October 6, 2005 8:20 PM