Why do I keep -getting- these?

Computing.Net > Forums > Security and Virus > Why do I keep -getting- these?

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

Why do I keep -getting- these?

Original Message

Name: Junsui
Date: July 6, 2005 at 20:05:41 Pacific
Subject: Why do I keep -getting- these?
OS: Windows XP Home Edition
CPU/Ram: P4 1.6 GB

Comment:

I have not opened ANY emails lately. My computer was being slow, and not logging of of my Windows XP user, so I decided to run HouseCall. HouseCall removed Sober.U. This is the third case of Sober I've had in the last 3-4 months. Am I some type of target for these? Does it like(Maybe Hate is a better word) me?

Report Offensive Message For Removal

Response Number 1

Name: Martin Crandall
Date: July 6, 2005 at 20:51:45 Pacific

Reply: (edit)

Actually, i bet you are not deleting it properly!
Not only do these worms, viruses and trojans live within your system files, they also live within System Restore. If System Restore is not disabled before attempting to remove infections, they will automatically return when you reboot.
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober@mm.removal.tool.html
Symantic has a tool especially to get rid of Sober at the above link.
1. Disable System Restore.
2. Read the instructions on the Symantic site.
3. Download the tool to your desktop.
4. Execute the downloaded tool.
5. Reboot.
6. Execute the downloaded tool again.
7. Turn System Restore back on if you are finally clean.
What are you running for AV software? Every decent AV package has been guarding against Sober since October of 03.
Let me guess, you don't have an AV package, you are using one of those free online scans whenever you think you might have a problem?!?
_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Report Offensive Follow Up For Removal

Response Number 2

Name: Junsui
Date: July 7, 2005 at 08:56:52 Pacific

Reply: (edit)

Last time I had to delete it, I went in System Restore off, booted in Safe Mode, and manually deleted it. I ran the Symantec Tool, but it didn't even know it was there.
''Let me guess, you don't have an AV package, you are using one of those free online scans whenever you think you might have a problem?!?''
Nope. I'm running eTrust EZ AV. I looked at my Real-Time log, and it says it has repeatively blocked Sober.N.

Report Offensive Follow Up For Removal

Response Number 3

Name: Martin Crandall
Date: July 7, 2005 at 11:04:29 Pacific

Reply: (edit)

http://smallbiz.symantec.com/avcenter/venc/data/w32.sober.n@mm!dr.html
So now it's sober.n, at first it was sober.u
_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Report Offensive Follow Up For Removal

Response Number 4

Name: Junsui
Date: July 7, 2005 at 15:09:21 Pacific

Reply: (edit)

Sober.U is what Trend Micro deleted.
Sober.N is what EZ keeps blocking.
And the tool did -not- help.

Report Offensive Follow Up For Removal

Response Number 5

Name: aceisaneight
Date: July 9, 2005 at 19:13:37 Pacific

Reply: (edit)

are u running any p2p programs?
Please keep us updated so we know if we helped you or not.

Report Offensive Follow Up For Removal


Sobig virus i keep getting popups Bad checksum when downloading updat Servic~1.exe, how do I get rid of i How much protection do I need?	how do I open HT log file? Keep getting popups How do i get rid of TROJAN.LINST What do i need do know? how do i get rid of odbc.hta

msoa32.exe trouble

IE 6 Problems

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Do you have your own blog?

Poll Finishes In 4 Days.
Discuss in The Lounge
Poll History

Disk Error

Why is NetBEUI faster than TCP/IP

Adobe Acrobat Reader Nag Screen

Simple File Sharing.

Wireless DVR access for cameras

All Awaiting Reply