Win32.Sobig.F@mm Removal Tool 1.0
Sponsored Links
Win32.Sobig.F@mm Removal Tool 1.0 Ranking & Summary
File size:
55 KB
Platform:
Windows 9X/ME/NT/2K/2003/XP/Vista
License:
Freeware
Price:
Downloads:
1796
Date added:
2004-12-06
Publisher:
SoftWin
Win32.Sobig.F@mm Removal Tool 1.0 description
Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif
After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally youll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
- it detects all the known Sobig versions;
- it deletes the files infected with Sobig;
- it kills the process from memory;
- it repairs the Windows registry
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif
After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally youll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
- it detects all the known Sobig versions;
- it deletes the files infected with Sobig;
- it kills the process from memory;
- it repairs the Windows registry
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
Win32.Sobig.F@mm Removal Tool 1.0 Screenshot
Advertisements
Win32.Sobig.F@mm Removal Tool 1.0 Keywords
Win32.Sobig.F
Removal Tool
WINDIR
Removal Tool 1.0
Tool 1.0
tool
removal
mm
Re:
following
infected
Win32.Sobig.F@mm Removal Tool
Win32.Sobig.F@mm Removal Tool 1.0
Anti-Virus Tools
Security & Privacy
Bookmark Win32.Sobig.F@mm Removal Tool 1.0
Win32.Sobig.F@mm Removal Tool 1.0 Copyright
WareSeeker periodically updates pricing and software information of Win32.Sobig.F@mm Removal Tool 1.0 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of Win32.Sobig.F@mm Removal Tool 1.0 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
msjvm removal tool 1.0a
virus removal tools
norton removal tool
removal tools
malicious software removal tool
spyware removal tool
removal tool for antivirus 2009
mcafee removal tool
removal tool norton
virus removal tool
removal tool for mcafee
trojan removal tool
alexa toolbar removal tool 1.0
symantec removal tool
removal tool antivirus pro 2009
removal tool for avg
removal tool for trojan horse
mirar toolbar removal
Related Software
Free Win32.Bagle.AD@mm Removal Tool Free Download
A removal tool to clean the W32.Bofra infections. Free Download
This tool is designed to remove the infections of the W32.Bobax threats. Free Download
Win32.Bagle.AJ@mm Free Removal tool Free Download
Free Win32.Evaman.A@mm Removal Tool Free Download
Free removal tool for Win32.Bagle.AL@mm Free Download
This software removes the W32.Mytob@mm worms from you computer Free Download
W32.Pasobir Removal Tool was designed to remove the infections of W32.Pasobir Free Download
Latest Software
Popular Software
Favourite Software
