Know Your Malware: Sober.s Removal

Sober.s is a rapidly spreading Internet worm that propagates by e-mail through messages with attached archives containing copies of the parasite. Once the user unpacks such an archive and executes an infected file, the worm displays a fake error message, installs itself to the system and runs a spreading routine. Sober.s searches local files for e-mail addresses, collects them and sends a malicious message to each of them using own mail engine. The letter's subject and body usually are the following:

"Thanks for your registration." or "Hi, Ich bin's"

"Thanks for your registration! We have received your payment. For more information, read the attached text."
"Hier ist die Liste die du haben wolltest. Du solltest dich aber auch eintragen!"

Sober.s automatically runs on every Windows startup.

Related files: services.exe,

Sober.s properties:
Hides from the user
Stays resident in background Remove Sober.s, removal instructions

Linked by shanmuga Tuesday, 15th November 2005 8:39PM