Removing Sober Worm From a Windows PC

Thursday, November 24, 2005

The latest version of this malware comes programmed to turn off some anti-virus and anti-spyware programs, such as Microsoft's Anti-Spyware, so you may find that you can't remove it with your PC's usual security software.

You should, however, be able to download one of the free Sober-removal tools offered by security-software firms. Try any of the following sites:

http://securityresponse.symantec.com (click on the "Information on W32.Sober.X@mm" link)

http://us.mcafee.com (click "Virus Advisory: W32/Sober@MM!M681 is a Medium Risk virus")

http://www.trendmicro.com/download/dcs.asp (click "Sysclean package")

If you find that you can't reach any of these sites, the virus may have edited the "hosts" file, a small text document containing shortcuts to Internet addresses. Use the Start Menu's Search command to look for files with that name; delete any you find inside the C: drive's Windows directory. Then try going online again.

If that does not work, borrow a friend's computer, download any one of those virus-removal packages, and copy it to a CD-R or USB memory key, which you can then use to copy the removal tool to your own computer.

Then start up your usual anti-virus program, download all available updates for it and run a complete scan of your system, just in case.

Once your computer is clean again, swear on the souls of your ancestors that you will never, ever, ever, click on an attachment in a random e-mail message again.

-- Rob Pegoraro


© 2005 The Washington Post Company