Clusterheadaches.com Message Board


    
      
        Clusterheadaches.com Message Board
        (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
      

        New Message Board Archives >> 2005 General Board Posts >> Clean but Whats up with FBI/CIA viruses. 
        
(Message started by: MJ on Dec 5^th, 2005, 9:42pm)

Title: Clean but Whats up with FBI/CIA viruses.
Post by MJ on Dec 5^th, 2005, 9:42pm

In the past 3 hours my computer has quarantined 18 email viruses regarding the FBI/CIA virus.
I have Norton/symantec blocking it very well on my end.

I am wondering if others are getting this as well.
CH.com is the only site I have been to in that time frame.
Can anyone explain what this virus does.

Please scan your systems if not protected.

MJ

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by BlueMeanie on Dec 5^th, 2005, 9:48pm

FBI/CIA checking YOUR computer. Ya must have done something real bad. 8)

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by Redd715 on Dec 5^th, 2005, 9:50pm

Its one of the Sober worm varients...

google a removal tool...

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by MJ on Dec 5^th, 2005, 10:22pm

Thanks Redd was allready there.
Kindof surprised I hadnt been hit before.

an explanation and removal tool exists here.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.x@mm.html

I came up clean but it moves pretty fast.

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by MJ on Dec 5^th, 2005, 10:27pm

Blue meanie

Thats life in the fast lane allways looking over my shoulder.

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by Redd715 on Dec 5^th, 2005, 10:29pm

Run it in safe mode with system restore turned off..

only way to be sure you have it gone...

edit for typos

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by MJ on Dec 5^th, 2005, 10:33pm

I did thanks

Title: Re: Clean but Whats up with FBI/CIA viruses.
Post by TheMasterBaker on Dec 6^th, 2005, 8:10am

I have been getting about 6-8 emails a day in my Corporate account.
Security software is catching all of them.
Someone has the bug...

W32.Sober.X@mm (http://www.symantec.com/avcenter/venc/data/w32.sober.x@mm.html)

W32.Sober Removal Tool (http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html?Open)

US-CERT (http://www.us-cert.gov/) is aware of several new variants of the W32/Sober virus that propagate via email. As with many viruses, these variants rely on social engineering to propagate. Specifically, the user must click on a link or open an attached file. A recent variant sends messages that appear to be from the CIA or FBI, while a German version appears to be coming from the Bundeskriminalamt (BKA), the German Federal police service. US-CERT encourages users to review the appropriate alert (http://www.fbi.gov/pressrel/pressrel05/emailscheme112205.htm)