|
|
| Immediate Delivery |
 |
| 55 KB |
 |
|
Publisher's description of WinSobigFmm free Removal Tool
|
|
|
|
Win32.Sobig.F@mm FREE Removal Tool Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
"movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif "
After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
it detects all the known Sobig versions;
it deletes the files infected with Sobig;
it kills the process from memory;
it repairs the Windows registry
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
|
|
55 KB |
 |
 |
|
| Downloads: |
15 |
Last update: |
Jan 7, 2008 |
| Size: |
55 KB |
Operating System: |
Windows All |
| Price: |
- |
License: |
Freeware |
| You may also be interested in: |
|
BackDoor.Rebbew (A,B,C,D) Removal Tool Small removal tool for the BackDoor.Rebbew (A,B,C,D) infection...
Panda Platinum 2006 Internet Security le ofrece la protecciÃÆón mÃÆás eficaz contra virus, spyware, hackers, phishing, spam y demÃÆás amenazas, para que disfrute de Internet con toda tranquilidad....
W32.Kelvir.D Free Removal Tool 1.0.1 Free Removal Tool for W32.Kelvir.D virus...
W32.Mytob.AR@mm Free Removal Tool 1.0.2 W32.Mytob.AR@mm Free Removal Tool was designed to remove the infections of W32.Mytob.AR@mm...
W32.Erkez.B@mm Removal Tool 1.0.0 Free removal tool to clean the infections of W32.Erkez.B@mm...
|
|
| More to Try |
PC Washer is a powerful system cleaner that allows you to remove space wasting junk files from...
Parallels Desktop 3.0 for Mac provides the best solution to enable Apple users to run Windows,...
STOPzilla Anti-Spyware safely detects and removes Spyware, Adware, Popup Ads, Phishing Attacks,...
KriptoDrive 2007 Makes your documents truly safe, so nobody can read them or manipulate them...
EasyClone 2008 Technician is the complete solution to backup your hard disk. It copies the entire...
PictureImp is the world's first "Zero-Click" web image downloader. You will definitely love...
|
|
