Found Virus Win32:Sober-H - problems! Please help.

I have the home version.
I just scanned my computer and it found the virus Win32:Sober-H[Wrm].
How come there is a virus on my computer? The anti-virus software is always scanning e-mail/web scanning etc. I must say I never had a virus on my computer before with other anti-virus software, just one in my e-mail, because at that time it was not scanning Hotmail e-mails.
But OK, now, the results of the scan are 56 lines. I select them and want to move them to the -kluis- (sorry, I don’t know the English name for it), but I get a message that there are problems moving them (error 0x80040119). Also, if I select them and try to delete them, I get the message "fault while delete them".
I still have the scan results screen open and I don’t know what to do now. Can somebody help me? Thank you!

How did you get it? The usual method for this worm is via email.

http://www.avast.com/eng/win32soberh.html

The program/virus is in use and as such is being protected by Windows. This is why you can’t move or delete it. We need more information:

  • What OS are you using? Is it up to date?
  • What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)?
  • What was the virus name, what was the filename, where was it found
    example (C:\windows\system32\infected-filename.xxx)?

If you have Windows XP or Win2k you can schedule a boot-time scan from within avast.

http://img.photobucket.com/albums/v325/for-dwr/boottime.jpg

You might find this link of use in translation for the future - http://babelfish.altavista.com/

Thanks.
I have XP Professional. Yes, it is up to date.
Avast version: 4.6
Virus Win32:Sober-H[Wrm]

Found in Outlook.pst and copy.

What to do now?

One, I am not an MS Outlook user (only OE), so I’m not speaking from personal experience here.

If you try to delete it you may lose the whole .pst file as I don’t know how avast deals with removing one infected email from within an email folder/database. It can supposedly do this in one of OE’s .dbx folders/databases.

If you know what the Outpost.pst is, I would guess that it is the Outpost inbox? There really isn’t a shortcut, but to open email in turn until avast alarms, delete that email and empty your deleted emails folder.

I would also not advise using the inbox for general email storage as this is the most likely to be corrupted/deleted/infected, etc. Once you have read an email, move it into a more appropriate folder, personal, newsletters, etc. I created a 1-pending email folder for those that I wanted to hold pending action so nothing stays in the inbox very long. Sorry if I’m teaching you to suck eggs with the above and asking if you back-up your Outpost.pst folders? If so you could restore the damaged/infected .pst file providing your back-up is clean.

I closed the window by accident.
There were too many lines with the virus in e-mails.
I always make backups, also from Outlook, but now I have to scan the backup first as well.
Do I have to scan again? And then what?

Outlook.pst is your entire Outlook file. It contains all emails, contacts, notes, etc. Deleting it would destroy all your emails.

Make sure avast! Outlook/Exchange is on when you open Outlook, and then hunt through all your emails for the attachment that contains the Sober worm.

From this I take it that this was the first time you have scanned your email folders since installing avast, or you don’t scan incoming email in Outlook?

I always make backups, also from Outlook, but now I have to scan the backup first as well. Do I have to scan again? And then what?
I would suggest that you scan the backup copies of your .pst files, no point in restoring a back-up that has the same problem. If it is clean and reasonably recent (so you don't lose much data) you could delete your infected Outpost.pst file and restore the back-up.

Otherwise it is a time-consuming task of opening emails to detect them and individually delete them (and clear the deleted items folder). No easy task if the 56 files in the list are in fact infected emails, rather than files that couldn’t be scanned for some reason (this happens for encrypted or password protected files, avast can’t scan them).

Check avast’s log viewer (right-click the avast icon and select ‘avast! Log Viewer’), this should give some more information on viruses detected and where they were detected. If you are using the Pro version of avast you should be able to view the results of the last scan.

I have scanned my computer totally before.
I can see the Sober worm in the log viewer but I can’t read the complete file on the right. My screen is not big enough :wink:
I still don’t understand why I have these problems; I am always careful with attachments. And why is Avast not warning me to delete the e-mails with an infected attachment, or deleting them itself?
It is not simple to find the virus in all the e-mails and delete them. Isn’t there an easier way?

Increase the size of the column: go to the right of the column with the cursor until you see the icon change shape (see image), then double-click or drag the column to the right, increasing its size.

Understanding why/how is of little relevance until we resolve the problem. But if it came in by email, either you weren’t scanning your email or it was there when you installed avast! and until you start the Outlook/Exchange provider/plug-in you aren’t protected.

Once we have dealt with this you can check using test emails to ensure that they are in fact being scanned.

OK, if I start the protecting console I see that at Outlook/Exchange there is written: This service is waiting for a subsystem. I don’t know what that means and I haven’t changed anything.

The subsystem the service is waiting for is MS Outlook to be opened.

Open MS Outlook and look in the plug-ins and see if avast! has been recognised and enabled. Sorry if that is not the correct wording as I said I don’t use Outlook.

What is strange is that I have used a virus scanner from another software and it doesn’t find any virus on my computer. Maybe Avast has put the emails with the virus in the chest?
The first time, when scanning with Avast, it asked if I wanted to delete them or move them to the chest. I clicked "move to chest".
Then the scan results screen came up, with error reports.

I also did the scan with Housecall from Trend Micro but no viruses were found. Strange. Panda found 21, the Sober H and i worm.
I have seen that the e-mails with viruses have the announcement from Avast SUSPICIOUS. The Sober i worm I don’t know. I didn’t open an attachment in Outlook that is suspicious. I think I can just delete them??
It’s all very strange.