Possible Viruse Sober-N Worm

[Guest]

Good day, I keep receiving a windows error message stating that
services.exe, smss and csrss.exe cannot connect to the internet due to
firewall or antivirus software. I've searched the internet and found that I
may have WIN32 SOBER-N Worm, but my antivirus didn't find a virus on my
system nor did ad-aware find any spyware on my system. I do have the
charactericsts of the virus and have remove entries in the registry and some
files hopeing to cure this problem.

The files removed from registry were in the run field ( _winstart
C:\windows\wizzard connection\status\services.exe) i removed it in both user
and local machine, but I still get the same windows pop ups. Can anyone
advise me of how to stop this from happining?

Thanks in advance.

F.Y.I I used trend micro house call and tried searching their data base
for removal instructions for this worm.

 

[David H. Lipman]

From: "Tiankhy" <[email protected]>

| Good day, I keep receiving a windows error message stating that
| services.exe, smss and csrss.exe cannot connect to the internet due to
| firewall or antivirus software. I've searched the internet and found that I
| may have WIN32 SOBER-N Worm, but my antivirus didn't find a virus on my
| system nor did ad-aware find any spyware on my system. I do have the
| charactericsts of the virus and have remove entries in the registry and some
| files hopeing to cure this problem.
|
| The files removed from registry were in the run field ( _winstart
| C:\windows\wizzard connection\status\services.exe) i removed it in both user
| and local machine, but I still get the same windows pop ups. Can anyone
| advise me of how to stop this from happining?
|
| Thanks in advance.
|
| F.Y.I I used trend micro house call and tried searching their data base
| for removal instructions for this worm.


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


Dump the contents of the IE Temporary Internet Folder cache (TIF)
start --> settings --> control panel --> internet options --> delete files

Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode and shutdown as many applications as possible
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) Create a new Restore point

* * * Please report back your results * * *

 

[Guest]

David, Thanks for your advice. I have removed the virus from my sytem and
everything is working fine. I did start the sytem in safe mode and scan my
registry for the file, and I also scan my local drives for the files as well.
And BOMB BABY!!!!! We're back in action......

Again Thanks for your help and support.

T. Hinton

 

[David H. Lipman]

From: "Tiankhy" <[email protected]>

| David, Thanks for your advice. I have removed the virus from my sytem and
| everything is working fine. I did start the sytem in safe mode and scan my
| registry for the file, and I also scan my local drives for the files as well.
| And BOMB BABY!!!!! We're back in action......
|
| Again Thanks for your help and support.
|
| T. Hinton
|


I am glad to hear that you are clean and thanx for updating the thread !