1. /
  2. Security Response/
  3. W32.Sober.gen

W32.Sober.gen

Risk Level 1: Very Low

Discovered:
December 20, 2003
Updated:
February 13, 2007 12:15:24 PM
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Sober.gen is a generic detection for a mass-mailing worm that uses its own SMTP engine to spread. The subject of the email varies but has been known to be in either English or German. The email's attachment name also varies, but will commonly have a .bat, .com, .cmd, .exe, .pif, or .scr file extension.

The first time W32.Sober.gen is activated, it displays a cryptic fake error message and then appears to exit.

This threat is written in the Microsoft Visual Basic programming language.

If your computer is detected as infected with W32.Sober.gen, download and run the removal tool. In most cases, it will be able to remove the infection.

Antivirus Protection Dates

  • Initial Rapid Release version December 20, 2003
  • Latest Rapid Release version August 18, 2012 revision 025
  • Initial Daily Certified version December 20, 2003 revision 002
  • Latest Daily Certified version August 19, 2012 revision 007
  • Initial Weekly Certified release date December 20, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Atli Gudmundsson
Summary| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver