I have done something dumb


Peaches
11-04-2003, 11:49 AM
At the end of every day, I delete all my Eudora attachments which aren't ones I want to keep. Most are garbage and/or viruses.

The other day, I was being hasty and hit the wrong button and one started opening up. I hit esc, stop, help, don't do this - every button I could but apparently it didn't work. :(

Now there's a file that won't let me delete it called nav.pif. It's telling me it's being used. In looking around Google, I see that it's the Sober worm. I ran a virus check on my computer and it doesn't find the Sober worm. I tried running one I found on the net for this worm in particular and it locked up. I don't THINK I opened the file completely.

My computer is running very slow now. :(

Any suggestions on what I can do? I feel like such a dope - I've never had a virus on my computer and now this. :angry:

mojobill
11-04-2003, 11:57 AM
http://fr.trendmicro-europe.com/enterprise...me=WORM_SOBER.A (http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SOBER.A)

removal instructions Peaches! :(

Peaches
11-04-2003, 12:01 PM
Originally posted by fatbaby@Nov 4 2003, 01:05 PM
http://fr.trendmicro-europe.com/enterprise...me=WORM_SOBER.A (http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_SOBER.A)

removal instructions Peaches! :(
Thanks, FB - that's the one that locked up. :( But I'll try it again.

:headwall:

Oh, and for those that might ask, yes, I've already done ctr/alt/del to see if I can find anything out of the ordinary that's running and no dice.

Sharpie
11-04-2003, 12:06 PM
This is the info I found:

Wednesday October 29, 01:04 PM

Few PCs get hammered by Sober worm

By Dick O'Brien

A new worm, known as Sober, has been doing the rounds and despite the threat it presents to Windows users, security firms are not overly concerned.

While the worm has only garnered public attention in the past day or two, it was reported by anti-virus vendor Symantec (NASDAQ: SYMC) on 24 October. According to Symantec, Sober is a mass-mailing worm that uses its own SMTP engine to spread itself. The subject of the e-mail varies, and it will be in either English or German.

The subject line of the mail varies and may either purport to be a warning of a virus or genuine correspondence, such as "Re: Contact." The infected attachment may have any one of a number of file names and can come with a .bat, .com, .exe, .pif, or .scr file extension.

If opened, the worm may display a fake error message of "file not complete." It will then copy itself into the system folder on the infected machine. It will also alter the computer's registry, enabling it to run every time the machine is started. Following that, it will collect all e-mail addresses it can find on the machine and mail itself using its own SMTP engine. Aside from varying subject lines and file names, the body of infected e-mails can vary and may be written in either German or English.

Symantec is attaching a low threat level to the worm. F-Secure labelled it as a medium level threat. McAfee also attached a low risk level to the worm.

"We're monitoring this virus at the moment, but at this stage we aren't attaching a very high level of risk to it," said Dermot Williams, managing director at Irish security company Systemhouse Technologies. The fact that many messages may be in German may hinder its spread. "We would hope that people in English speaking areas would have a higher threshold of suspicion on encountering this virus," Williams explained.

Anti-virus vendors are advising that users keep their anti-virus software updated. Full instructions for manual removal have also been posted on the Web sites of most anti-virus firms.

Sharpie
11-04-2003, 12:09 PM
Removal about 2/3 down the page from Norton

http://securityresponse.symantec.com/avcen...imail.c@mm.html (http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html)

voodooman
11-04-2003, 12:18 PM
bring up a dos prompt, type in fdisk

:-)

sarettah
11-04-2003, 12:25 PM
Originally posted by voodooman@Nov 4 2003, 12:26 PM
bring up a dos prompt, type in fdisk

:-)
You used to work for my ISP's support department vdm ???



:yowsa:

Peaches
11-04-2003, 01:23 PM
Argh - ran Fay's link and after an hour, it locked up. :( I think I'm going to remove most of my webpages and put them on CD's (there's SO much "little crap" on my hard drive) and try again.

Voodoo - you're a PITA :nyanya:

Evil Chris
11-04-2003, 01:27 PM
Hi Peaches... in case you didn't get this sorted out yet...
I had to clean up FB's computer of a few of those pif and scr files too.

If nothing else works, use a command prompt and go to the directory in question and then just do two commands like this:

del *.scr
del *.pif

Then maybe run a wipe program if you have one, or if not just do a defrag.

This being helpful stuff is never going to get me asshole of the month status!

clemsontiger
11-04-2003, 01:28 PM
If you WANT, I've got Norton AV Pro 2004 downloaded. I can burn it to a CD and you can install on your computer, but I know how you are against that.

Trev
11-04-2003, 01:37 PM
Originally posted by clemsontiger@Nov 4 2003, 08:36 PM
If you WANT, I've got Norton AV Pro 2004 downloaded. I can burn it to a CD and you can install on your computer, but I know how you are against that.
In case she catches a virus you mean :yowsa:

clemsontiger
11-04-2003, 01:38 PM
Originally posted by Trev@Nov 4 2003, 02:45 PM
Originally posted by clemsontiger@Nov 4 2003, 08:36 PM
If you WANT, I've got Norton AV Pro 2004 downloaded. I can burn it to a CD and you can install on your computer, but I know how you are against that.
In case she catches a virus you mean :yowsa:
We'll see :agrin:

Evil Chris
11-04-2003, 01:48 PM
Norton doesn't really do a lot in these cases.

Sure they alert you of the presence of the infected files, but they can't quarantine or delete them. (not all of them). Norton won't allow you to execute these files either. The only way to get rid of them is command prompt deletion.

Unless there's another way I don't know about.

Cassie
11-04-2003, 01:52 PM
i had that and 4 other trojan horses on my pc this morning. luckily norton deleted them (my pc was running slow as well). you may want to try mcafee's site cause they do have stuff on there that will detect viruses (that norton or any other program may not).

clemsontiger
11-04-2003, 01:53 PM
This Norton quarantines and/or deletes files. I haven't had a problem with it now that I got Live Update to work. I had one virus on the computer and when I scanned the computer, it deleted the file when it was done scanning. Another good property of this Norton I like is it scans every incoming/outgoing e-mail and file.

LittleC
11-04-2003, 01:54 PM
oohh Peaches,


I have no clue how to help .. get another pc?

I hope the guys here know how to help you !

there is no program that removes the virus ?

Peaches
11-04-2003, 02:01 PM
Originally posted by LittleC@Nov 4 2003, 03:02 PM
oohh Peaches,


I have no clue how to help .. get another pc?

I hope the guys here know how to help you !

there is no program that removes the virus ?
My kind of gal - get a new PC! :P

Chris - are you talking about going to dos and doing that?

If THAT doesn't work, I'm going to clear out my webpages as I think that's what is locking the virus detectors up - too many little files - and then redo the virus things. Possibly even get the basement dweller to help :awinky:

It's slow as crap now. :headwall:

clemsontiger
11-04-2003, 02:12 PM
Originally posted by Peaches@Nov 4 2003, 03:09 PM
Possibly even get the basement dweller to help :awinky:

I offered to install Norton. That's all the help you're getting.

:nyanya:

Peaches
11-04-2003, 02:15 PM
Originally posted by clemsontiger@Nov 4 2003, 03:20 PM
Originally posted by Peaches@Nov 4 2003, 03:09 PM
Possibly even get the basement dweller to help :awinky:

I offered to install Norton. That's all the help you're getting.

:nyanya:
That was the help I was referring to, dorkbutt. B)

clemsontiger
11-04-2003, 02:19 PM
Originally posted by Peaches@Nov 4 2003, 03:23 PM
Originally posted by clemsontiger@Nov 4 2003, 03:20 PM
Originally posted by Peaches@Nov 4 2003, 03:09 PM
Possibly even get the basement dweller to help :awinky:

I offered to install Norton. That's all the help you're getting.

:nyanya:
That was the help I was referring to, dorkbutt. B)
DOH!!!

FATPad
11-04-2003, 02:47 PM
If you remove the autostart entries in the registry and reboot, you should be able to delete the files. The files won't be running, so they won't be locked.

According to that webpage up there, anyways.

Carrie
11-04-2003, 03:02 PM
Start -> Run -> type msconfig -> hit Enter -> Click Startup tab ->
remove checks next to anything you don't want or don't recognize (you can slide the field separators over to see the full path of something to give you more of an idea of what it is)
Hit Okay
Exit with restart

When computer boots back up, go remove the file now that it's not loaded.
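
An added example, not part of any post in this thread: the autostart check that FATPad's and Carrie's posts describe, done over the text output of `reg query` on the two `Run` keys. The sample entries, value names and paths are constructed for illustration, and the extension list is the one from the quoted article minus .exe.

```python
import ntpath
import re

# Attachment extensions named in the quoted article, minus .exe, which is
# too common among legitimate autostart entries to be a useful signal.
SUSPECT_EXTS = {".bat", ".com", ".pif", ".scr"}
# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Program part of a command: a quoted path, or text up to the first known
# executable extension (copes with unquoted paths that contain spaces).
PROGRAM = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|pif|scr|cmd))(?=\s|$))', re.I)

def parse_run_key(text):
    """Yield (key, value_name, command) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3).strip()

def program_of(command):
    """Return the program path of an autostart command, without arguments."""
    m = PROGRAM.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()

def suspicious_autostarts(text):
    """List autostart entries whose program has a worm-style extension."""
    hits = []
    for key, name, command in parse_run_key(text):
        prog = program_of(command)
        if ntpath.splitext(prog)[1].lower() in SUSPECT_EXTS:
            hits.append((key, name, prog))
    return hits

# Constructed sample of `reg query` output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    Updater Svc    REG_SZ    C:\Program Files\Example\update.exe -quiet
    winchk    REG_SZ    C:\WINDOWS\system32\nav.pif

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    saver    REG_SZ    C:\WINDOWS\system32\photos.scr /s
"""

if __name__ == "__main__":
    for key, name, prog in suspicious_autostarts(SAMPLE):
        print(f"{key}\n    {name} -> {prog}")
```

An entry flagged here is a candidate for review, not proof of infection; a worm that copies itself as an .exe needs to be checked by name and path instead.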

voodooman
11-04-2003, 03:04 PM
Originally posted by sarettah@Nov 4 2003, 11:33 AM
Originally posted by voodooman@Nov 4 2003, 12:26 PM
bring up a dos prompt, type in fdisk

:-)
You used to work for my ISP's support department vdm ???



:yowsa:
Me?

:awinky:

voodooman
11-04-2003, 03:05 PM
Originally posted by Carrie@Nov 4 2003, 02:10 PM
Start -> Run -> type msconfig -> hit Enter -> Click Startup tab ->
remove checks next to anything you don't want or don't recognize (you can slide the field separators over to see the full path of something to give you more of an idea of what it is)
Hit Okay
Exit with restart

When computer boots back up, go remove the file now that it's not loaded.
NOOOOOOOOOOOOOOOOo

Don't do that Peaches, its a trick.

:yowsa:

Peaches
11-04-2003, 04:48 PM
After hours of running an illegally obtained copy of Norton, it told us where the file was and it couldn't delete it. Well duh freaking duh. <_<

So....the kid went to the dos prompt and removed it. Simple. Thanks, Chris! :) I think the problem was that I never fully installed the virus.

But I shall be paying attention from now on and not be such a fat finger and actually DELETE my attachments instead of opening them. :awinky:

Thanks everyone!! :inlove:

nlphoto
11-04-2003, 05:50 PM
Peaches, why not set Eudora to not download
any attachments over say, 15K ??

Then you can just click on the trashcan icon in the
message and delete them from the server... they
never get to your machine...


:okthumb:



Last edited by nlphoto at Nov 4 2003, 02:59 PM

Peaches
11-04-2003, 05:56 PM
Originally posted by nlphoto@Nov 4 2003, 06:58 PM
Peaches, why not set Eudora to not download
any attachments over say, 15K ??

Then you can just click on the trashcan icon in the
message and delete them from the server... they
never get to your machine...


:okthumb:
I get pictures all the time from friends and family that I want to keep. :awinky:

It really hasn't been a problem for years. As I said, I've NEVER been infected with a virus (computer....) and I probably get 30-50 a day. Every night I move the pictures I want into a different file, and delete everything else. I was just in a hurry and hit too many buttons at once. :unsure:

Needless to say, I'm going to be a LOT more careful. :D

kath
11-04-2003, 06:38 PM
Glad you got it all sorted out Peaches - AND that the "basement dweller" was able to help... sometimes kids do come in handy. I know mine surprise me every now and again. lol

:yowsa:

Candice
11-04-2003, 08:43 PM
i've got the same problem with my computer..
i did everything - defrag, scan and restore but it's still slow...
it wasn't this slow before...it started when i started receiving files with attachments coming from our applicants....damn...it really pisses me off!! B)