[Dshield] Sobig Help

Deb Hale haled at pionet.net
Wed Aug 20 17:28:28 GMT 2003


What makes you think that she is infected?  Is she getting emails that say
that her email sent to someone was rejected contained the Sobig Virus?  If
she is, this does not necessarily mean that she is infected.  It probably
does mean that someone that she emails who has her in their address book is
infected.  Check her sent items - is there indication that she indeed did
send an email to everyone in her address book. Check to see if any of the
telltale signs are there:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

If any of this things exist you need to look for infection, if not then
chances are her machine is not infected.  It probably is an email buddy that
got infected.  I have actually gotten calls from several people with the
same concern and have found that they are fine, someone they email aren't.
Hope this helps.  

Deborah F Hale
Certified Business Continuity Professional/Computer Security Specialist
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Allan Liska
Sent: Wednesday, August 20, 2003 10:28 AM
To: dshield
Subject: [Dshield] Sobig Help


-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5


I know this sounds silly, but I could really use some help from the list.
It appears my mother-in-law was infected by one of the Sobig variants.  As
of right now, Norton has not been able to detect it, so do you all know what
files I should look for and delete to remove the virus (no one on the
network I manage has been infected -- everything is blocked at the server --
so I have not had to dissect one of these worms yet).

Any help you can provide will go a long way toward saving my marriage ;).

Thanks!


allan
- --
Allan Liska
allan at allan.org
http://www.allan.org
http://www.hosthideout.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAP0OTlikg6TAvIBeFAQEMugP/WkcgFgGBJC41Npbm3D29HK1DsODHp+Vz
9czYbFvcgf7JLbaY09ryIgA9jcuqunaAYiHNASbeG/rCdBSs2/fRpslJc0BPYpK1
f8z/wRLT3pYJSzbv2sbTbsma3UEn8mYytV2El1lXwsZUHqNiFgD6JOFhIdvk7iF0
wAJo8MA77t8=
=AKDu
-----END PGP SIGNATURE-----


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list