[Dshield] Sobig Help

John D. lists at webcrunchers.com
Thu Aug 21 01:16:14 GMT 2003


>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: MD5
>
>
>I know this sounds silly, but I could really use some help from the
>list.  It appears my mother-in-law was infected by one of the Sobig
>variants.  As of right now, Norton has not been able to detect it, so
>do you all know what files I should look for and delete to remove the
>virus (no one on the network I manage has been infected -- everything
>is blocked at the server -- so I have not had to dissect one of these
>worms yet).
>
>Any help you can provide will go a long way toward saving my marriage
>;).

http://www.lurhq.com/sobig.html

Go here - and it should give you instructions for removal...  but if you
really want to catch the person who infected your mother-in-law,  you could install an IDS on your network,  and using the Snort rule in the URL above,  you can catch the perpetrator the next time they try to log into her computer.

John





More information about the list mailing list