 Nick Rozanski CEng FBCS
CEng Registration No 569711
If you think you have received a virus-laden email from me recently, or are concerned that I have installed a piece of Trojan-horse software on your PC, that is not the case.

The following will explain what is going on and what you can do about it.

The Sobig.F Virus and Spurious Emails

Sobig.F is a particularly irksome virus. Not only does it propagate itself by sending email to everyone in your Outlook address book, it spoofs the sender to a random email address which it scavenges from your hard disk. Someone, somewhere out there has my email address on their PC and has become infected with Sobig.F. They are sending emails which purport to be from me but are being spoofed from their own computer (without their knowledge, I presume).

I regularly scan my work and home PCs using the latest virus signatures and can confirm 100% that I am not infected. In any case, nowadays I manage my email using Thunderbird on Fedora Core Linux so am much less vulnerable to viruses and spyware than when I was running Windows.

With luck, your email service provider has been filtering these emails out before they get to you. (Unfortunately they also forward me a message every time this happens - I have now received a couple of hundred of these). But if you have received an email from me with one of the following subject lines:

  • Your details
  • Thank you!
  • Re: Thank you!
  • Re: Details
  • Re: Re: My details
  • Re: Approved
  • Re: Your application
  • Re: Wicked screensaver
  • Re: That movie

then please just delete it. Do not send me an email telling me I have sent you a virus. I haven't, and you are just playing into the virus-writer's hands.

Sobig.F switched itself off on 10 September 2003. However, it is believed that new versions are in development. If you are reading this and haven't recently virus-checked your PC, do it now!

MADFINDER Spyware and SVC.EXE

Spyware is software which is installed on your computer without your knowledge or consent, and which proceeds to secretly gather information about you or your on-line activities. Spyware is surreptitiously installed after visiting a malicious or compromised Internet site, or may be delivered to your PC by a virus. Spyware is not always detected by anti-virus software and may not be blocked by firewalls. It usually needs specialised removal software, such as Ad-Aware, to get rid of it.

Madfinder is spyware written using an Internet Explorer extension mechanism called the Browser Helper Object (BHO). I understand that Madfinder installs a file called SVC.EXE, and that if you delete this file and the references to it in your Startup folder, it re-appears the next time you boot your PC.

This file is unrelated to my utility of the same name. I can't help you remove it so please don't ask!

I am told that version 6.181 of Ad-Aware will remove Madfinder, although as I haven't been infected I can't confirm this. You can download a free version of Ad-Aware from http://www.lavasoft.de.

I have also been told about a tool called CWShredder aimed specifically at removing Madfinder and its variants. You can download a free version of CWShredder from http://www.spywareinfo.com/~merijn/cwschronicles.html.
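Added here as an example, not code from the original page: a read-only PowerShell inventory of the registry locations where Internet Explorer Browser Helper Objects are registered, and of the Startup folders, flagging any entry that points at a file named svc.exe. The registry paths and folder names are the standard Windows locations and are assumptions on my part, not taken from this page; the script changes nothing, so it can be run before deciding what a removal tool should act on.

```powershell
# Added example (not from the original page): list registered Browser Helper
# Objects and Startup-folder shortcuts, then flag any that launch svc.exe.
# Read-only: nothing is deleted or modified.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$findings = @(foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $clsid = $sub.PSChildName
        # A BHO is just a COM class; its InprocServer32 key names the DLL that IE loads.
        $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Kind   = 'BHO'
            Name   = $clsid
            Target = if ($server) { $server.'(default)' } else { '<CLSID not registered>' }
        }
    }
})
# Startup folders (this user and all users) hold .lnk shortcuts; resolve each to its target.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
$findings += @(foreach ($dir in $startupDirs) {
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
        [PSCustomObject]@{
            Kind   = 'Startup'
            Name   = $lnk.Name
            Target = $shell.CreateShortcut($lnk.FullName).TargetPath
        }
    }
})
$findings | Format-Table -AutoSize
# Match svc.exe as a whole file name, at the end of the path, so other names are not flagged.
$suspect = $findings | Where-Object { $_.Target -match '(^|\\)svc\.exe$' }
if ($suspect) {
    Write-Warning 'Entries pointing at a file named svc.exe:'
    $suspect | Format-Table -AutoSize
}
```

Any flagged BHO shows the CLSID to look up and the DLL path to check; a legitimately installed program of the same name would show a different, known install path.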

Thanks to Daniel, Maurice and Anders for making me aware of Madfinder and how to remove it.
