"worm.s.sober" I think it's called virus. Please help

David H. Lipman

From: "markthegrave" <[email protected]>

| I've been getting these popups on my computer for the last hour. It seems
| like the virus/worm is sending out emails from my account. It won't stop and
| I don't know what to do. I think I got it from a friend's email with an
| attachment. Any help would be greatly appreciated, thanks!
|
| http://img517.imageshack.us/img517/5021/screenshot0013ee.png
|
| http://img517.imageshack.us/img517/170/screenshot0070rv.png
|
| http://img517.imageshack.us/img517/9681/screenshot0043hy.png
|


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


* * * Please report back your results * * *
 
Nick Skrepetos (SuperAdBlocker.com)

Hello,

You may wish to post this to the microsoft.public.security.virus or
alt.comp.virus newsgroups for more specific help.

Along with the other suggestions, you may wish to try Super Ad Blocker with
SUPERAntiSpyware:
http://www.superadblocker.com

Super Ad Blocker | SUPERAntiSpyware offers several unique features such as
using a system level driver to delete detected items, so pests do not come
back once detected and cleaned.

Super Ad Blocker offers a fully functional 15-day trial. You can scan and
clean your computer and then remove Super Ad Blocker if you do not wish to
keep it. We do appreciate when users support our development efforts by
purchasing the product :)

If that does not find and/or remove the spyware/adware on your machine, you
can submit a diagnostic and I will diagnose your machine for free and post
the results back to the group and update our rules with anything found:
http://www.superadblocker.com/diagnostic.html?id=nicks

You may also wish to "see" what is running on your computer here:
http://www.fileresearchcenter.com

Nick Skrepetos
SuperAdBlocker.com - SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com

** Please note that I am the author of the above programs and sites and I do
have a vested interest in Super Ad Blocker, SUPERAntiSpyware and
FileResearchCenter.com. You, the user, have no obligation to purchase the
software and are free to try the software, clean/fix your system, and then
uninstall.
 
David H. Lipman

From: "HeeroYuy" <[email protected]>

| So what exactly does SuperAdBlocker do that the free ones don't?
|

It has been shown to remove some malware that the free ones fail to remove. The good thing
is that there is a 15 day, fully functional, free trial period.
 
Nick Skrepetos (SuperAdBlocker.com)

Hello,

As an ad-blocker Super Ad Blocker blocks just about any type of ad you can
imagine from the regular pop-ups, banners, flash, rich media, floating,
fly-in ads to the sponsored search ads on search engines and sites. We also
block the IntelliText ads (words that appear double underlined on sites -
when you hover over them, they show the ad). You have complete control over
the blocking and allowing of content. We support IE, FireFox, AOL and MSN
with native plugins.

As an anti-adware/anti-spyware application, we have tackled some of the most
difficult spyware that others have not been able to reliably detect and
remove such as the Lop.com and SurfSideKick variants. We have several system
level components designed to tackle the WinLogon and AppInit_Dll type
attacks as well as the newer rootkit style attacks. One of our biggest
strengths is our reaction time once we find a new variant. Our rules are
often updated several times a day, 7 days a week - this depends on what we
are finding in our diagnostics and reports of course.

Something else we offer is 24/7 e-mail support that is actually staffed and
answered by the developers of the products who are very skilled at handling
just about any type of problem.

If you have any specific questions, I am more than happy to answer!

Nick Skrepetos
SuperAdBlocker.com | SUPERAntiSpyware
http://www.superadblocker.com
http://blogs.superadblocker.com
http://forums.superadblocker.com
 
HeeroYuy

I'm not seeing a difference, really.

Nick Skrepetos (SuperAdBlocker.com) said:
| Hello,
|
| As an ad-blocker Super Ad Blocker blocks just about any type of ad you can
| imagine from the regular pop-ups, banners, flash, rich media, floating,
| fly-in ads to the sponsored search ads on search engines and sites. We also
| block the IntelliText ads (words that appear double underlined on sites -
| when you hover over them, they show the ad). You have complete control over
| the blocking and allowing of content. We support IE, FireFox, AOL and MSN
| with native plugins.
|
| As an anti-adware/anti-spyware application, we have tackled some of the most
| difficult spyware that others have not been able to reliably detect and
| remove such as the Lop.com and SurfSideKick variants. We have several system
| level components designed to tackle the WinLogon and AppInit_Dll type
| attacks as well as the newer rootkit style attacks. One of our biggest
| strengths is our reaction time once we find a new variant. Our rules are
| often updated several times a day, 7 days a week - this depends on what we
| are finding in our diagnostics and reports of course.
|
| Something else we offer is 24/7 e-mail support that is actually staffed and
| answered by the developers of the products who are very skilled at handling
| just about any type of problem.
|
| If you have any specific questions, I am more than happy to answer!
|
| Nick Skrepetos
| SuperAdBlocker.com | SUPERAntiSpyware
| http://www.superadblocker.com
| http://blogs.superadblocker.com
| http://forums.superadblocker.com
 
Nick Skrepetos (SuperAdBlocker.com)

I don't believe any of the free ad-blockers handle the floating and fly-in
ads, nor sponsored search ads or IntelliText ads.

Free products, such as SpyBot, Ad-Aware and Microsoft AntiSpyware (Windows
Defender), although great products, don't remove things like SurfSideKick or
Lop.com variants. You can see this yourself if you install those variants
(on a test machine of course!) and then scan with the other products and
then scan with Super Ad Blocker/SUPERAntiSpyware.

I also don't believe you will receive as much "personal" attention from
their support departments due to the volume of inquiries they receive.

-Nick
 
HeeroYuy

That's not to say that they won't be updated to close their scanning holes.
As far as personal attention, I've never had issue with the free stuff.
Again, I don't see enough of a difference to warrant my trying a new
product.
 
Nick Skrepetos (SuperAdBlocker.com)

I am sure they will update them eventually. Until you are infected with
something that can't be removed by the free products, many people don't see
the benefit of the other products :)

-Nick
 
HeeroYuy

Nick Skrepetos (SuperAdBlocker.com) said:
| I am sure they will update them eventually. Until you are infected with
| something that can't be removed by the free products, many people don't see
| the benefit of the other products :)
|
| -Nick

Why does your software have a keystroke logger on it?
 
Nick Skrepetos (SuperAdBlocker.com)

There is no keystroke logger, nor mouse logging. We use a system level hook
that Zone Alarm detects and says we are logging keystrokes - that's the sad
thing about some of the security software - they don't differentiate and
assume anyone who uses standard Windows hooks is doing something malicious.

We use the hook to detect when mouse clicks and keyboard shortcuts happen
outside of a browser, such as in Yahoo messenger, so we know not to block a
window that a user has clicked the link to open. No data is retained, only
the fact that the click or keystroke happened and when in time it happened
(meaning x milliseconds ago, etc.).

Nick Skrepetos
SuperAdBlocker.com | SUPERAntiSpyware
http://www.superadblocker.com
 
HeeroYuy

Nick Skrepetos (SuperAdBlocker.com) said:
| There is no keystroke logger, nor mouse logging. We use a system level hook
| that Zone Alarm detects and says we are logging keystrokes - that's the sad
| thing about some of the security software - they don't differentiate and
| assume anyone who uses standard Windows hooks is doing something malicious.
|
| We use the hook to detect when mouse clicks and keyboard shortcuts happen
| outside of a browser, such as in Yahoo messenger, so we know not to block a
| window that a user has clicked the link to open. No data is retained, only
| the fact that the click or keystroke happened and when in time it happened
| (meaning x milliseconds ago, etc.).

You should already be aware that in this day and age, that doesn't make
people feel any better. I have qualms with Apple regarding Quicktime on
this.
 
Nick Skrepetos (SuperAdBlocker.com)

ZoneAlarm should be responsible for not making blanket statements about
software, they should have to identify the software as a risk, and not just
say "X application is logging your keystrokes", which is in fact completely
incorrect. ZoneAlarm itself deeply hooks itself into the system, and could
be identified as a "rootkit" or "monitoring TCP/IP traffic" even though that
is part of what is required to perform its job.

I guess we could create a system level driver that would not allow ZoneAlarm
to access us and flag us as being a "keylogger", but then people would have
problems and assume we were doing something else.

It sounds as if the free alternatives that do not use system level
techniques are a better fit for your software needs and concerns. I think
you will see that these also will be forced to use system level hooking to
accomplish their tasks.

Nick Skrepetos
SuperAdBlocker.com
http://www.superadblocker.com
 
Nick Skrepetos (SuperAdBlocker.com)

We do have a registry key you can change to disable the use of the system
hook so that Zone Alarm won't complain.

-Nick
 
