Help! Virus/Worm Sending Me 600+ e-mails a day!!!

Help!

What should I do? I'm now getting about 12 e-mails a minute (and this went on all yesterday, but it was about 1 e-mail per minute!) that are from the virus/worm, code-named W32/Sobig.F-mm The e-mails have subject headers that say things like:

"Re: Thank you!"
or
"Re: My details"
or
"Wicked Screensaver"

With file attachments.

How do I get this thing to stop clogging my e-mail account??? I'm afraid that my ISP may shut me down for receiving too many e-mails!!!

Thanks,
Adam.

As well as those, the ones arriving in my email box also sometimes say, "approved."

The interesting thing though is that they are all going to one email address - at least all the one's I opened anyway (I have Pegasus Mail so I can open stuff like this without infection).

Only thing I can think of is: figure out WHO is the person who is infected who has your email address on their system (I assume this is how this virus/worm works - sending itself out to email address in your address book or whatever email address it finds, and maybe using From addresses you have too).

Which raises the point... if someone has had any dealings with [email protected] or anything remotely like that, then you may be infect with a computer virus. Granted, the from address could come from anywhere. But hey. It is worth a shot.

What to do. Add @yahoogroups.com to your filters. Move all incoming emails that have Thank You in their subject line. Create a filter to delete all Wicked Weasel emails. Creat filter to move emails with Approve in subject line. Five minutes of creating a few filters gives much peace.

Michael Ross


Not filters needed

The "From" address on the email is not the real computer the email is coming from. It grabs that email address at random from places like email address books, and fakes it as the "From" email address.

Don't open the attachments!

I didn't receive any attachments with mine, as all my email is filtered through www.Spamcop.net - which automatically detects viruses and removes them from the email. It's a pretty good service....

You can read more about this virus at the link below.

- Dien Rice


Sobig worm returns

Hi,

Yesterday afternoon while filling out a form at eLance my WinXP machine suddenly rebooted itself. It hadn't ever done that before, but I've had plenty of Windows machines that had, so I wasn't terribly concerned. As soon as I got back online I noticed that something on my machine was sending a lot of bytes off into the internet. I keep my wife's computer and my other computer well protected, but the one I was using yesterday is a fairly new one and I had unwisely failed to protect it.

As soon as I noticed that something was sending a lot of stuff off into the net (it wasn't very obvious that it was happening but I noticed because I'm very in tune with how my computers behave) I got offline and then I downloaded the install file for ZoneAlarm on another computer and copied onto my sick computer. Among other messages ZoneAlarm told me that DLLHOST.EXE was wanting to send to 209.244.0.3:DNS so I researched that at google groups, and heard about something called TrojanHunter ( http://www.misec.net/trojanhunter/ ) and I downloaded the evaluation version and ran it. It reported a possible trojan that seemed related to the dllhost message that ZoneAlarm gave. I'm in the process of trying to discover if it's really a trojan.

I wish I could spank people who write virii, worms and trojans....

Best,

- Boyd

dno

> dno
..

DNO-NM = Do Not Open - No Message inside. all the contents are in the subject line.

Dennis Bevers

> DNO-NM = Do Not Open - No Message inside.
> all the contents are in the subject line.

> Dennis Bevers
..

F-Secure provides a free special tool to disinfect the Sobig.F
worm. The tool and disinfection instructions are available on
their ftp site:

ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.zip
or
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.txt
+
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.exe

Hope that helps

Oliver Peters


f-sobig.zip file