Secunia issued a HIGH RISK alert for Sober.X (avast! named “Win32:Sober-AB2”?), and IPA* says that this worm had the following engines stopped:
aswclnr, avwin., brfix, fxsbr, gcas, gcip
giantanti, guardgui., hijack, inetupd.
microsoftanti, nod32., nod32kui, s_t_i_n
sober, stinger
I think “aswclnr” may be avast! Virus Cleaner.
So I have questions.
Could avast! 4 engine for desktop protection on an infected computer be stopped by this worm?
Did anyone verify this? I am getting slaughtered by incoming emails that avast labels “Win32:Sober-AB2” and am worried that I am infected. No, I didn’t open these emails but I am seeing suspect services running and when I do a search on the services it says that they are either an exploit or a needed service. Gets confusing.
Using Outlook 2003 with WinXP Pro SP2 if that helps.
If avast is catching it in incoming email and you are opting to delete or send the email to the chest (you are doing this rather than allow the email to be delivered?) then you aren’t infected by the detected virus.
You may well be infected by spyware undetected by avast.
What are these unknown/suspicious services?
If you haven’t already got this software (freeware), download, install, update and run it.
You could also use an on-line scanner to confirm: establish a connection to the on-line scanner of your choice and, just before you do the scan, pause Standard Shield; enable it after completion.
This is unrelated, but DavidR, is there any way to fully delete all of the files that online scanners place on your computer after the scan is finished (i.e. the ActiveX files)?
Some may be nice and have a means of uninstalling or removing the files after a scan. Otherwise you would need to know where they were placed on your HDD to be able to remove them manually. HijackThis often shows info about the on-line scanner’s tracks on your system (ActiveX control path, etc.); this should give a clue as to the location on your HDD.