The Sober Worm Virus

The Sober Worm Virus-Truth!

  :  
Most virus companies are referring to it as WORM_SOBER.AG or some variation with the word SOBER.

It began circulating in earnest toward the end of November, 2005.

There is a potential for some damage to your computer from this virus.

It affects computers running Windows 98, ME, NT, 2000, XP, and Server 2000.

According to the experts at Trend Micro, it is spreading the most today in the U.S., Canada, Brazil, New Zealand, Belgium, and Germany.

It comes to you via email and may have one of several different messages.

Some say that it has a picture of a celebrity attached. Some warn you that your computer has been identified by the FBI or the CIA as having accessed some illegal websites. A German version of the email spoofs Bundeskriminalert and threatens legal action.

The virus is activated when you click the attachment that it has tried to trick you into executing. It then displays a fake message that says “Error in packed Header” to make you think that when you clicked the file, it did not really work correctly.

It also displays another fake message that says “No Viruses, Trojans or Spyware Found! Status: OK

The virus does several things:

1. Searches for email addresses on the computer.
2. Sends an infected email to all the addresses it has found. It does not use your email software. It has its own software so you will not be aware all of this is happening.
3. Terminates several processes on the computer including the Windows Malicious Software Removal Tool.
4. Creates entries in the system registry, which makes sure that it will run every time you reboot the computer.

If you think you may have the virus, Symantec has a removal tool at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html

As always, make sure you have good virus protection software from as for example from McAfee, Symantec, or Trend Micro and make sure your virus definitions for the software are up to date.