Most virus companies are referring to it as WORM_SOBER.AG or some
variation with the word SOBER.
It began circulating in earnest toward the end of November, 2005.
There is a potential for some damage
to your computer from this virus.
It affects computers running Windows
98, ME, NT, 2000, XP, and Server 2000.
According to the experts at Trend
Micro, it is spreading the most today in the U.S., Canada, Brazil, New
Zealand, Belgium, and Germany.
It comes to you via email and may have
one of several different messages.
Some say that it has a picture of a
celebrity attached. Some warn you that your computer has been identified
by the FBI or the CIA as having accessed some illegal websites. A
German version of the email spoofs Bundeskriminalert and threatens legal
The virus is activated when you click
the attachment that it has tried to trick you into executing. It then
displays a fake message that says "Error in packed Header" to
make you think that when you clicked the file, it did not really work
It also displays another fake message
that says "No Viruses, Trojans or Spyware Found! Status: OK
The virus does several things:
1. Searches for email addresses on the
2. Sends an infected email to all the addresses it has found. It does
not use your email software. It has its own software so you will not be
aware all of this is happening.
3. Terminates several processes on the computer including the Windows
Malicious Software Removal Tool.
4. Creates entries in the system registry, which makes sure that it will
run every time you reboot the computer.
If you think you may have the virus,
Symantec has a removal tool at:
As always, make sure you have good
virus protection software from as for example from McAfee, Symantec, or
Trend Micro and make sure your virus definitions for the software are up