Please HELP ME!!!! A virus has been put on my system.

by mamajenn / November 21, 2005 9:45 PM PST

I just went to my email and had a message on Nov. 21, 2005 from (mail@fbi.gov Your IP was logged.) I debated about opening this message and started not to until I scrolled down and on November 22, 2005, I had a message from (Admin@cia.gov You visit illegal websites.) Well, the only sites I go to are quicken, cnet, dell forum, research for shopping, citi, etc. You get the idea, I don't go to illegal websites. Anyway, curiosity got the best of me so I opened the email from fbi. This was the message.
(We have logged your IP address on more than 30 illegal websites. Important: Please answer our questions. List of questions are attached. Yours faithfully, Steven Allison FBI 935 Pennsylvania Avenue NW Room 3220 Washington, DC 20535 Phone (202) 324 3000) I tried to call the number but did not get an answer.
My AVG message:
(Virus found
File list 469.zip Virus identified I-Worm/Sober.CF
Attachment moved to virus vault)

I think I have been conned. I don't think the message was from the FBI but a person trying to put a virus on my system. What do I do? Do I contact the FBI? Do I leave the virus in the vault or do a reformat of my system to make sure that it is gone? How can I prevent someone from doing this? I have never had this happen so I am lost. Please tell me what I need to do about this mess. I know that all of the computer geniuses can help a grandmother. Please help me. MamaJen

I bet the machine is fine.
by R. Proffitt Forum moderator / November 21, 2005 10:11 PM PST

AVG caught the worm and put it in the vault. I'd empty the AVG vault if this was my machine and count my blessing that AVG worked as it should.

-> Spam, and worms, viruses that go with spam are not something you did anything wrong. You will get these from time to time and need to never open email from anyone but those you know or expect an email from.

There is no mess to clean up as AVG caught it before there was a mess.

Bob

Sober.cf
by DanielFoord / November 29, 2005 3:50 PM PST

Can anybody give me some advice.

My lovely wife opened the "BKA" (the German version of the "FBI") email read it, clicked on the attachment. To cut a long story short.

I found the virus the next day with an AVG scan. It put it in the vault and I deleted it (it was only found in the Firefox cache).
What is strange though is that assuming the attachment was really opened and it did the dirty, why can't I find ANY of the symptoms of the Sober.cf worm on the computer?

www.antiviruslab.com/description.php?virus=288453&lang=gb

The /winsecurity/ directory doesn't exist on my computer.

None of the registry settings are there to make it start itself up etc.

Registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
_Windows = "%Windows%\WinSecurity\services.exe"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Windows = "%Windows%\WinSecurity\services.exe"


Are we somehow virus free? (How come?)
I thought if you clicked download it was a self-extracting file that did stuff?
Has Firefox's download manager somehow protected us?

Any ideas

Cheers

Dan
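
The manual check described in the post above (the two Run-key values and the WinSecurity directory from the linked description), as an added example that is not part of the original thread. The key paths, value names and directory are the ones quoted in the post; the helper and variable names are assumptions.

```powershell
# Added example, not from the thread. Looks only for the Sober.cf traces
# quoted in the post: the Run-key values and the WinSecurity folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$valueNames = @('_Windows', 'Windows')          # value names quoted in the post
$dropDir = Join-Path $env:windir 'WinSecurity'  # "%Windows%\WinSecurity"

function Get-RunEntry {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{
                Key  = $key
                Name = $name
                Data = [string]$regKey.GetValue($name)
            }
        }
    }
}

# Flag an autostart entry if its name matches the post or its data points into WinSecurity.
$hits = @(Get-RunEntry -KeyPath $runKeys | Where-Object {
    ($valueNames -contains $_.Name) -or ($_.Data -like '*\WinSecurity\*')
})

$report = [pscustomobject]@{
    DropDirExists = Test-Path -LiteralPath $dropDir
    DropDirFiles  = @(Get-ChildItem -LiteralPath $dropDir -Force -ErrorAction SilentlyContinue |
                        Select-Object -ExpandProperty FullName)
    RunKeyHits    = $hits
}

$report | Format-List
if ($report.DropDirExists -or $hits.Count -gt 0) {
    Write-Warning 'Traces quoted in the post are present; run a full antivirus scan.'
} else {
    Write-Output 'None of the traces quoted in the post were found.'
}
```

A clean result only says these specific traces are absent; a full antivirus scan is still the authoritative check.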

The AVG
by Eddiefromalienwarecomps / November 30, 2005 5:07 AM PST
In reply to: Sober.cf

did its job of catching the virus and deleting it from the vault. You should be fine.

As stated and...
by PKsteven / November 22, 2005 2:55 AM PST

Just remember, if it was that serious, the FBI would not Email you, nor a Lawyer stating you have money from a dead relative, which is another scam\virus\hoax. These sound serious to get worried unsuspecting people to open them. NOTHING that serious would be emailed to you. Also, if ever you get an email stating a Windows or Explorer update, remember, Windows never updates through email, only through update site.

Paul

And also
by Eddiefromalienwarecomps / November 22, 2005 4:42 AM PST

This was probably stated before, never check e-mail from unknown sources. That was pretty dumb of you to open it (no offense), I don't think the FBI will do e-mail. If it was from the FBI, they would have called you or something. Anyways run a virus check and empty out the vault. Your system should be fine. You can get a firewall because that helps protect your computer. Also a Norton Anti Virus can help, but that is paid virus protection. Empty out vault and you will be fine.

dumb of you
by PKsteven / November 22, 2005 6:36 AM PST
In reply to: And also

You seem to have a habit of thinking everyone is dumb but you. I have read other replies by you and they don't say much. Perhaps you were born with a divine knowledge of everything? Did you think this person may have a busy life, kids, work hard, not a lot of time to know something that may be SIMPLE to you? All I see you do is repeat what everyone else puts with the exception of a rude comment usually. This was not DUMB of this person, they were simply uninformed about these types of emails. The only dumb ones are those who think they know everything and everyone else is beneath them. They have then stopped learning.
Paul

From MamaJenn
by mamajenn / November 22, 2005 10:24 AM PST
In reply to: dumb of you

Thank you for all your advice and helpful comments. I have not taken offense to statements that any of you have made as I have learned a valuable lesson. Please let's not be throwing stones at each other as I am the one that messed up. Again thank you for all your timely advice. Have a joyous and festive holiday. Jen

You also
by PKsteven / November 22, 2005 10:54 AM PST
In reply to: From MamaJenn

You have a wonderful holiday also. No more stones, promise! :) Take care, Paul

Same here
by icfy911 / November 24, 2005 8:35 PM PST
In reply to: From MamaJenn

Exactly the same happened to me... And I feel so silly now!!
But u know what? The email wasn't even for me, I mean it came to my inbox, but it was for someone I never heard of! Then, like u, I didn't know what to do... But curiosity killed the cat... I scanned the attachment with my AVG, and it found nothing!! I tried to open it! Cause I wanted to know which were the "illegal" places I had visited... And I couldn't open it for some reason I'm still trying to figure out...
I talked to a friend after that, and he told me "DON'T open the attachment", but I already had. Anyways, I scanned the comp with AVG, and the virus was there!!! 4 files infected!! And when something like that happens, I never know if I should move to vault, or heal or delete!
OK, u are not alone in this... lol

In your situation
by Eddiefromalienwarecomps / November 25, 2005 4:45 AM PST
In reply to: Same here

Wouldn't you just scan the computer, move virus to vault and delete it from there. I have had viruses/horses come into my computer and I do that.

Make life simple please
by Eddiefromalienwarecomps / November 22, 2005 10:59 AM PST
In reply to: dumb of you

Look you are making really a big deal out of this. What other replies do I make people feel dumb and make myself feel superior, NONE. Of course you are the one saying all this because you think you can help everyone else with all your replies. I have problems also and I come here to ask questions, but you know what you need to get a life and stop making bogus judgements of people just because you think you are better than everyone else. I am simply here to learn like everyone else, but you think you don't have to learn, no you think you know everything there is and this allows you to say whatever you want and judge others. REALLY GET A LIFE.

I make comments based on knowledge
by Eddiefromalienwarecomps / November 22, 2005 11:03 AM PST

Everyone repeats stuff here not me, I usually agree and disagree and add information and the funny thing is, GIVE ME ONE EXAMPLE OF A RUDE THING I SAID. THANK YOU, YOU CAN'T MR.JUDGE, SO SHUT UP IF YOU CAN'T BACK UP A STATEMENT.

And now what...?
by icfy911 / November 24, 2005 8:50 PM PST
In reply to: And also

Hi! I had the same problem as mammajen, but I'm worried about the personal information in my computer, or should I not worry? What about the credit cards info? Should I report them as stolen? Please tell me!!!

I-Worm/Sober.CF
by JJJ22 / November 22, 2005 12:55 PM PST

So my question to this is:

How long would someone have to keep emptying the Virus Vault, will this eventually go away!!

Vault
by PKsteven / November 22, 2005 2:13 PM PST
In reply to: I-Worm/Sober.CF

If it moved the attachment to the vault, you will be likely to delete the attachment and no longer have it on your system. You should delete the email also. I am not an AVG guru so I don't know every function unfortunately but it sounds as if you are ok now. Empty the vault and do a scan, see if anything else comes up.
Happy holidays, Paul

Yeah... and what does a virus vault do anyway?
by tennuck / November 23, 2005 3:33 AM PST
In reply to: I-Worm/Sober.CF

Please Eddie - no replies from you, you're too sensitive and I don't want this thread to go airy.

Is a virus truly confined in the virus vault? Could a virus crack the vault itself?

Too sensitive!?!?!?!?!?!
by Eddiefromalienwarecomps / November 23, 2005 4:37 AM PST

Hey man I only said what I had to say to defend myself. I am not going to let someone who I have never met judge me and think he/ or she is right all the time. If it happened to you, you would defend yourself, unless you're afraid and is what society calls a "scaredy cat" then I understand.

People need to be educated
by tennuck / November 23, 2005 3:14 AM PST

Sorry Jen, but I laughed and mocked a little until I realized how scary this whole deal must be for you. It would seem common sense that a legitimate, or respectful institution would not solicit ANY information in an unrequested email, but I guess it isn't. Maybe I'm the ignorant one here. CNET is in a good position to publish the "idiot's guide to protecting yourself against spoofers, spammers, hackers, splashers, squashers and whatever comes up next", by using some good ol' fashion common-sense. Nothing against you Jen - I've done it too.

From Mamajenn
by mamajenn / November 23, 2005 4:34 AM PST

I have read all the remaining emails and have been surprised at comments. First let's not throw any more stones as we all make mistakes and learn from them. I was not offended by being called dumb because it was a dumb move on my part to open the email. I should have known better and should have listened to the little voice sitting on my right side but I chose to listen to the little voice on my left and got caught. However, I learned from the mistake and also learned about the virus vault which I was not familiar with. Please let's all sit back, reflect on all that is good and be thankful that we all woke up this morning to a bright new day. Bless each of you for taking the time to respond to my question and hopefully, you learned something also. Thanks again, Jen

I'm sorry
by Eddiefromalienwarecomps / November 23, 2005 4:46 AM PST
In reply to: From Mamajenn

I'm sorry for calling you dumb (I didn't mean anything by it, I did say no offense), but society also isn't smart enough to realize hacker pranks from something legitimate. People that open phony e-mails are giving what the virus maker wants, access to your computer and your personal information. People are giving these hackers jobs, money and things to do with their lives. If people start realizing the phony emails, and get protection then maybe one day the computer world can be a safe place for doing w/e the hell you want.

Help
by thumperrr24 / November 24, 2005 8:53 AM PST

My sister-in-law just got the same thing over the past 3 days. She instantly called her ISP to ask questions. THIS IS INDEED A SCAM. Her ISP had insisted she report it, to do so you can go to http://www.ic3.gov We are now researching to see if there is anything to clean it over sitting in quarantine. I may suggest you contact your ISP & see what they tell you & if we find a tool for cleaning I will gladly post here as to where you can get it. Wish me luck.

There are plenty of tools out there
by Eddiefromalienwarecomps / November 24, 2005 9:08 AM PST
In reply to: Help

You can go to www.download.com and get free virus protection along with paid services, like I have a free AVG virus protection on my laptop. You can go to your local retail store and buy Norton anti virus or any other virus protection, or get a firewall with virus scanners.

plenty of tools
by thumperrr24 / November 24, 2005 10:20 AM PST

Yeah I know the anti virus route. I guess I should have been more clear, I meant a tool specifically for cleaning this worm. Obviously we have anti virus protection, how else would we know we are infected? So telling us to get an anti virus program, well hmmm how to put this nicely, ummm it's obvious we have been there done that. As with some nasty lil varmints that can rampage through a PC sometimes there is a stand alone application to get rid of that nasty lil pest, which in this case I haven't found one & my anti virus has not detected a virus & my sister-in-law got hers in quarantine & since deleted it through the vault. Where at one time she got a pop up saying deleting could set it free. It was once she got rid of the email she could delete it... reason for keeping was in case she had to copy & paste the email alone for ISP or whoever may need it for investigation. & ummm notice copy & paste the email, not forward.

Kind of weird
by Eddiefromalienwarecomps / November 24, 2005 1:40 PM PST
In reply to: plenty of tools

Wow that never happened to me when I would be deleting a worm/virus and I would get a pop up saying deleting this worm can set it free. Setting it free meaning away from your sister's computer, then yeah that is a good thing. But say setting it free and it goes deeper into your sister's computer, that is a bad thing. Maybe it was some pop up of the virus so that it would scare your sister from deleting the virus?? Oh well at least it has been deleted so both you and your sister should have no worries.

weird?!?!?!
by thumperrr24 / November 24, 2005 11:22 PM PST
In reply to: Kind of weird

Yep I agree it's weird. Yeah could have been a scare but then maybe not. With the original email sitting in a subfolder of the inbox for possible reference to investigate. By trying to delete the worm from the vault may have just set it back to the freedom of your pc by reattaching to the original email. Who really knows. What we did was copy the email to word & deleted the email & then emptied the vault without a problem. So I guess IF we ever want to save an email for future sending, like jokes or whatever & the original one came infected, copy & paste the body of the email to word then delete the email, clean the vault. Then just copy the text back into a new email & then you should be able to safely send the jokes. And even after copy & pasting into word, deleting email & emptying the vault, VIRUS SCAN, VIRUS SCAN, VIRUS SCAN. Most say you cannot scan for viruses enough.

Hi, Thumperrr
by PKsteven / November 25, 2005 12:51 PM PST
In reply to: plenty of tools
Cool Paul
by thumperrr24 / November 25, 2005 10:56 PM PST
In reply to: Hi, Thumperrr

Cool Paul thanks a bunch. I am emailing that link to all my buds & they best bookmark it LOL. I am self taught PC, builder, repair you name it & still not afraid to ask for things. With a PC you never stop learning. No matter how good you are with a PC things are always changing & well LOL we all have made our boo boo's. (hides head & admits I made my fair share LOL) I have come to like this forum, I am new to the site & finding it right full of info. A lot of it I know but hey you learn different ways to fix things too. Many good people that don't make you feel like a dork for asking. I was looking for a site exactly like you gave, guess I wasn't seeing it when I looked at Symantec, or just blind from looking at the monitor. So thanks again for the link I was too blind to see.

Yes, we all make them
by PKsteven / November 26, 2005 2:50 AM PST
In reply to: Cool Paul

Glad I could help and yes we all make mistakes, no need to put your head down. :) Technology is changing faster than we can keep up with so we just do our best. Most of the mistakes I have made, are what remind me how to do things correctly now, funny isn't it? Mistakes are made for a reason as long as we learn by them.
Take care, Paul
