Koozali.org: home of the SME Server

I think someone here has the Sobig virus

Bill Talcott

I think someone here has the Sobig virus
« on: August 20, 2003, 08:48:17 PM »
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100561

I received a bunch of emails with forged addresses this morning. One of the forged addresses was phorum_wish_list-subscribe_AT_lists.e-smith.org so it most likely came from someone subscribed to the Wish List. The IP address that sent them was 24.162.128.188, which resolves to cs162128-188.hot.rr.com.

Update your virus scanner, or http://www.pandasoftware.com/activescan/ and http://housecall.trendmicro.com/housecall/start_corp.asp are free online scanners if you need them.

Bill Talcott

Simple Sobig.f removal tool
« Reply #1 on: August 21, 2003, 02:28:52 AM »
I made a file to remove the Sobig.f virus...

http://mirror.contribs.org/smeserver/contribs/btalcott/contrib/unsobigf.inf

Save it, right-click, and choose Install. The "default install" command is to delete the two files from the Windows directory and remove the Current User and Local Machine startup entries in the registry. If the virus is running, it won't be able to delete the files. Run taskmgr and end the "winppr32.exe" process beforehand, or reboot and use the .inf again (the first time should remove the autorun stuff so the virus won't run after rebooting).
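
The checks behind the procedure in Reply #1, as an added example that is not part of the original post or of the author's .inf file: a read-only PowerShell audit that reports whether the process is running, whether the file is in the Windows directory, and which Current User or Local Machine startup entries reference it. The function names are hypothetical, and only `winppr32.exe` is checked because the post does not name the second file.

```powershell
# Added example: read-only audit, changes nothing on the machine.
$ImageName = 'winppr32.exe'   # process/file name given in the post
$RunKeys = @(                 # standard per-user and per-machine startup keys
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntryReferencing {
    param([string[]]$KeyPath, [string]$Needle)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read raw data so values written with %windir% are matched unexpanded
            $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -like "*$Needle*") {
                [pscustomobject]@{ Key = $key; ValueName = $name; Data = $data }
            }
        }
    }
}

function Get-SobigFStatus {
    # Get-Process matches on the image name without its extension
    $procName = [IO.Path]::GetFileNameWithoutExtension($ImageName)
    $running  = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
    $filePath = Join-Path $env:windir $ImageName
    [pscustomobject]@{
        ProcessRunning = $running.Count -gt 0
        ProcessIds     = $running.Id
        FilePresent    = Test-Path -LiteralPath $filePath
        FilePath       = $filePath
        RunEntries     = @(Get-RunEntryReferencing -KeyPath $RunKeys -Needle $ImageName)
    }
}

$status = Get-SobigFStatus
$status | Format-List
if ($status.ProcessRunning) {
    'Process is running: end it (or reboot once the Run entries are gone) before deleting the file.'
} elseif ($status.FilePresent -or $status.RunEntries.Count -gt 0) {
    'Process not running: the file and Run entries can be removed now.'
} else {
    'No trace of the named file, process, or Run entries.'
}
```

Running it again after the cleanup and a reboot confirms that neither the startup entries nor the file have come back.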