Author Topic: About Sober.X announced by Secunia  (Read 3664 times)


Iso-G

  • Guest
About Sober.X announced by Secunia
« on: November 24, 2005, 02:52:19 PM »
Secunia issued a HIGH RISK alert for Sober.X (avast! named "Win32:Sober-AB2"?), and IPA* says that this worm had the following engines stopped:
  aswclnr, avwin., brfix, fxsbr, gcas, gcip
  giantanti, guardgui., hijack, inetupd.
  microsoftanti, nod32., nod32kui, s_t_i_n
  sober, stinger


I think "aswclnr" may be avast! Virus Cleaner.
So I have questions.

1. Could avast! 4 engine for desktop protection on an infected computer be stopped by this worm?
2. Does avast! Virus Cleaner remove this worm?


*IPA: Information-technology Promotion Agency (About IPA/ISEC)

SKAAA

  • Guest
Re: About Sober.X announced by Secunia
« Reply #1 on: January 04, 2006, 04:19:39 PM »
Did anyone verify this? I am getting slaughtered by incoming emails that avast labels "Win32:Sober-AB2" and am worried that I am infected. No, I didn't open these emails but I am seeing suspect services running and when I do a search on the services it says that they are either an exploit or a needed service. Gets confusing.

Using Outlook 2003 with WinXP Pro SP2 if that helps.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: About Sober.X announced by Secunia
« Reply #2 on: January 04, 2006, 05:38:54 PM »
If avast is catching it in incoming email and you are opting to delete or send the email to the chest (you are doing this rather than allow the email to be delivered?) then you aren't infected by the detected virus.

You may well be infected by spyware undetected by avast.
What are these unknown/suspicious services?

If you haven't already got this software (freeware), download, install, update and run it.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster (don't install this until you are clean).
4. Ewido Security Suite if using winXP, or a-Squared free if using win98/ME.

You could also use an on-line scanner to confirm: establish a connection to the on-line scanner of your choice and, just before you do the scan, pause Standard Shield; enable it after completion.

On-line Virus Scanners and other useful Links Security-Ops.eu.tt
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Staind

  • Guest
Re: About Sober.X announced by Secunia
« Reply #3 on: January 05, 2006, 07:26:30 AM »
This is unrelated, but DavidR, is there any way to fully delete all of the files that online scanners place on your computer after the scan is finished (i.e. the activex files)?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: About Sober.X announced by Secunia
« Reply #4 on: January 05, 2006, 08:39:41 AM »
Just a note...stinger has been renamed to prevent the virus from circumventing it.

http://us.mcafee.com/virusInfo/default.asp?id=stinger

Just in case anyone needs it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: About Sober.X announced by Secunia
« Reply #5 on: January 05, 2006, 03:37:25 PM »
Quote from Staind: "This is unrelated, but DavidR, is there any way to fully delete all of the files that online scanners place on your computer after the scan is finished (i.e. the activex files)?"
Some may be nice and have a means of uninstalling or removing the files after a scan. Otherwise you would need to know where they were placed on your HDD to be able to remove them manually. Hijackthis often shows info about the on-line scanner's tracks on your system (activeX control path, etc.); this should give a clue as to the location on your HDD.