The latest variant of the Sobig virus is going aro…

The latest variant of the Sobig virus is going around. The easiest way to see if you’re infected is to look for a WINPPR32.EXE file in your Windows directory. Running dir %windir%\WINPPR32.EXE from a command prompt (run cmd) will tell you that the file isn’t found or give you info for the file. If you have the file, you’re infected. Update your virus scanner and/or do a free online virus scan at Trend Micro or Panda.

The virus spreads by email. If you get one of these emails, remember that the return address is forged. The virus picks a random address found on the infected PC (address book, old mass emails, saved webpages, etc.) and uses that as the return address. You can find the actual sender by viewing the header information of the email (usually hidden by default). In Outlook Express, you should be able to select the message and press Ctrl+F3 to view the raw data. There should be a line that starts with Received: from. It will say that a message was received from an IP address, to your mail server, meant for your email address. The virus has a built-in mail server, so the IP address of the sending mail server is the infected PC. If you run ping -a 111.222.333.444 (using the infected IP address you just found), it will look up the hostname for that IP address. That will tell you the user’s ISP, and possibly their region. This can help you figure out who the infected user is. If the forged address is something like list-subscribe@mycoolcar.com, then you can probably assume that the infected user is subscribed to the same mailing list at mycoolcar.com that you are, and that’s where they got your address. Obviously the best way to contact them is probably going to be through mycoolcar.com.

Make sure you don’t run any of the email attachments while you’re doing this. That will infect your computer and just make things worse. As a general rule, you shouldn’t open any attachment unless you’re expecting it, even if you know the person. Many of the newer viruses spread using information from the address book, so you’re very likely to get an email virus from someone you know.
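The header check described above can be scripted. The following Python sketch is an added example, not part of the original post: it reads the Received lines of a saved message, keeps only the one written by your own mail server (lines below it are supplied by the sender and can be forged), and returns the connecting IP address. The sample message, the host names and the Postfix/sendmail-style layout of the Received line are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
import socket
from email import policy

# Constructed sample; IPs are RFC 5737 documentation addresses.
SAMPLE = """\
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.45])
    by mx.example.org with SMTP id abc123
    for <you@example.org>; Tue, 19 Aug 2003 10:15:02 -0400
Received: from mail.mycoolcar.com (unknown [198.51.100.7])
    by relay.example.com; Tue, 19 Aug 2003 10:14:58 -0400
From: list-subscribe@mycoolcar.com
To: you@example.org
Subject: constructed sample

body
"""

# Assumed trace format: from HELO (rdns [IP]) by SERVER ...
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def sending_host(raw_message, my_mail_server):
    """Return (ip, helo_name) as recorded by my_mail_server, or None."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Each relay prepends its line, so headers are listed newest first.
    for header in msg.get_all("Received", []):
        line = " ".join(str(header).split())  # unfold continuation lines
        m = RECEIVED_RE.match(line)
        if not m or m.group("by").lower() != my_mail_server.lower():
            continue  # not written by our server: untrusted, possibly forged
        try:
            return str(ipaddress.ip_address(m.group("ip"))), m.group("helo")
        except ValueError:
            return None  # bracketed value is not a valid IP address
    return None

def reverse_name(ip):
    """Same lookup as ping -a: the PTR hostname for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None
```

Pass the returned IP to reverse_name() when you are online to get the hostname that ping -a would show.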
