[Dshield] Sobig Help

Allan Liska allan at allan.org
Wed Aug 20 20:50:45 GMT 2003


Deb,

When she fired up Outlook and tried to check her mail, it went nuts trying 
to send out messages.  I had her unplug it from the network until I 
could get down there and take a look.  It was Sobig, and the Symantec tool 
worked great -- I appreciate everyone's help.


allan

On Wed, 20 Aug 2003, Deb Hale wrote:

> What makes you think that she is infected?  Is she getting emails that say
> that her email sent to someone was rejected contained the Sobig Virus?  If
> she is, this does not necessarily mean that she is infected.  It probably
> does mean that someone that she emails who has her in their address book is
> infected.  Check her sent items - is there indication that she indeed did
> send an email to everyone in her address book?  Check to see if any of the
> telltale signs are there:
> 
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
> 
> If any of these things exist you need to look for infection; if not, then
> chances are her machine is not infected.  It probably is an email buddy that
> got infected.  I have actually gotten calls from several people with the
> same concern and have found that they are fine; someone they email isn't.
> Hope this helps.  
> 
> Deborah F Hale
> Certified Business Continuity Professional/Computer Security Specialist
> BCP Enterprise, Inc
> Telephone: (712) 252-0361
> www.bcpenterprise.com
>  
> 
> 
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of Allan Liska
> Sent: Wednesday, August 20, 2003 10:28 AM
> To: dshield
> Subject: [Dshield] Sobig Help
> 
> 
> 
> I know this sounds silly, but I could really use some help from the list.
> It appears my mother-in-law was infected by one of the Sobig variants.  As
> of right now, Norton has not been able to detect it, so do you all know what
> files I should look for and delete to remove the virus (no one on the
> network I manage has been infected -- everything is blocked at the server --
> so I have not had to dissect one of these worms yet).
> 
> Any help you can provide will go a long way toward saving my marriage ;).
> 
> Thanks!
> 
> 
> allan
> - --
> Allan Liska
> allan at allan.org
> http://www.allan.org
> http://www.hosthideout.com
> 
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> 
> 

-- 
Allan Liska
allan at allan.org
http://www.allan.org



