Member
My personal computer is suffering with the problem of W32.Sober.X@mm. I got that information when my antivirus gave me an alert message about this virus. I want to know what exactly this virus is. The simple reason is that when I am trying to delete this virus I am getting message that this virus is deleted but when I reboots my personal computer, I receive the same message again that “W32.Sober.X@mm” is found on this computer.
Member
Your antivirus detected the “W32.Sober.X@mm” on your computer is kind of internet worm. The threat level of this worm is medium, but whatever is the thereat level. These kinds of worm are harmful for your computer. So I will suggest you that if your current antivirus is not capable of deleting this worm than you should go for another antivirus. Download any other antivirus which is available on the internet and remove this threat from your personal computer.
Member
Sober.X is a mass mailing worm uses e-mail addresses collected from the system to distribute infected mails. The worm uses its own SMTP engine to spread. The infected mail will be in English or German.The infected mail subject in English will be one of the following
Your Password, Registration Confirmation,smtp mail failed, Mail delivery failed,
hi, ive a new mail address , You visit illegal websites ,Your IP was logged Paris Hilton & Nicole Richie
The infected mail Attachment name in English will be one of the following
mailtext.zip mail.zip reg_pass.zip mail.zip reg_pass-data.zip question_list.zip
list.zip download mail_body.zip
The infected mail message body in English will be one of the following
hey it’s me, my old address don’t work at time. I don’t know why?
in the last days I have got some mails. I think that’s your mails but imp not sure!
plz read and check ...
cyaaaaaaa
Member
When the infected e-mail attachment is executed, it displays a fake error message "Error in packed Header" with title "WinZip Self-Extractor" and copies to %WINDOWS%\WinSecurity\services.exe. It also drops SMSS.EXE, CSRSS.EXE, and data files in the infected system.Then it modifies the registry to load automatically on next startup. The registry key modification is given below.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = "_Windows"="%WINDOWS%\WinSecurity\services.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = "_Windows"="%WINDOWS%\WinSecurity\services.exe"
Member
If your antivirus is detecting this worm on your personal computer then it should be able to delete this virus from your computer. Update your antivirus and scan your system in safe mode. For running your system in safe mode you have to reboot you personal computer and press F12. After that you will get an option of running the window in safe mode. After opening your window in safe mode scan your personal computer. I am sure that this will solve your problem.
Member
Antivirus software will definitely remove the virus from your computer. But you must follow some preventive measure to avoid virus, worms, and trojan problems.
• Enable you firewall
• Avoid downloading pirated software
• Scan you personal computer at the regular interval.
• Update your antivirus software
• Use strong password for your personal computer
• Upgrade you system software regularly.
Posting Permissions
Reply With Quote
Bookmarks