Sober.O Worm Sobig.A Worm

Discussion in 'NOD32 version 2 Forum' started by SteelyDon, May 4, 2005.

Thread Status:
Not open for further replies.
  1. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    Sober O is spreading quickly. My gal has both these on her machine, and have to go have a look. We both run NOD. NOD has a removal tool, but we could not get it together over the phone. I see in the worms forum below that it is mentioned. If anyone here has had luck with the NOD removal tool, please advise. Thanks.
     
  2. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Make sure you are using Blackspear's extra settings. They are explained in a sticky thread at the top of the forum.

    Have you tried booting into safe mode and running NOD32 (after you change the settings)? Try running the cleaner in it as well.
     
  3. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    I won't see the machine until 4 hrs from now. She downloaded the NOD cleaner, but with uncertain results.

    Note: Symantec says to turn off SYSTEM RESTORE before running cleaners, for obvious reasons.
    Yes?
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Just curious...Do you know at this point if the worms are actually running on her PC or just the .zip and/or .pif files in messages in her email inbox? If they are still in the inbox, all you need to do is delete them.

    If they are running, beyond the cleanup, you should re-check all of the NOD32 settings, especially the email and update ones. These are worms that have existing definitions for them...
     
  5. Happy Bytes

    Happy Bytes Guest

    First at all: Sober & Sobig are not the same type of worm. So you need actually 2 NOD cleaner tools. One for the sober, and the other one for the Sobig.A worm.

    If you have any questions feel free to ask here :D

    If the worm is only in the inbox and got not activated just delete them there and run the cleaner tools just to be on a safe side after this.
     
  6. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    Thanks.. Yes, she deleted them manually. NOD did the red screen thing and asked if she wanted them deleted, she said yes, but the emails did not leave so she did it manually. Maybe NOD deletes the attachments containing the worm, and leaves the mail.
     
  7. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    COOL!!! :D
     
  8. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Cool avatar :D
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    In my experience thats the normal thing for NOD to do.
     
Thread Status:
Not open for further replies.