Download software free New Listings :: Most Popular Listings :: Top Ranked :: Link to Us :: Search :: Site Map
Google
  Web SoftNu.com   

Categories
Windows
Drivers
Games
Linux

Most Popular This Week
1. McAfee AVERT Stinger3
2. The Cleaner Pro3
3. AntiVir Personal Edition6
4. Trojan Remover6
5. avast! Virus Cleaner5
Most Popular This Month
1. McAfee AVERT Stinger17
2. The Cleaner Pro9
3. NOD323
4. XSecure3
5. MiMail worm free removal tool2
Most Downloaded This Month
1. McAfee AVERT Stinger6
2. Anti Trojan Elite2
3. Microsoft Mydoom Worm Removal Tool2
4. IPArmor2
5. NotSoBig2
Most Downloaded This Week
1. McAfee AVERT Stinger2
2. avast! Virus Cleaner1
3. Trojan Remover1
4. Avast! Home Edition1
5. Anti Trojan Elite1
Refer Win32.Sobig.F@mm Removal Tool to a friend!

If you have a friend that you would like to recommend this page to, or if you just want to send yourself a reminder, here is the easy way to do it!

Simply fill in the e-mail address of the person(s) you wish to tell about Win32.Sobig.F@mm Removal Tool, your name and e-mail address (so they do not think it is spam and can reply to you directly with gracious thanks), and click the SEND button.

If you want to, you can also enter a message that will be included on the e-mail.

After sending the e-mail, you will be transported back to the page you recommended!

Resource title:Win32.Sobig.F@mm Removal Tool
Resource URL:http://www.softnu.com/win32.sobig.f-mm-removal-tool.html
Description:Name: Win32.Sobig.F@mm Aliases: W32/Sobig.F@mm Type: Executable Mass Mailer Size: ~70 KB Discovered: 19.08.2000 Spreading: High Damage: Low In The Wild: Yes Symptoms: Registry keys: HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc Following files in the %WINDIR% folder: Winstt32.dat Winppr32.exe Winstf32.dll Technical description: It arrives in e-mail in the following format: Subject: Randomly chosen from the following list: "Re: That movie" "Re: Wicked screensaver" "Re: Your application" "Re: Approved" "Re: Re: My details" "Re: Details" "Your details" "Thank you!" "Re: Thank you!" Body: Please see the attached file for details. Or See the attached file for details Attachment: Randomly chosen from the following list: “movie0045.pif" "wicked_scr.scr" "application.pif" "document_9446.pif" "details.pif" "your_details.pif" "thank_you.pif" "document_all.pif" "your_document.pif “ After the user opens the attachment the worm copies in the following location: %WINDIR%winppr32.exe and adds the following registry keys: HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc It searches for e-mails in the following file types: html, wab, mht, hlp, txt, eml, htm, dbx The worm also spreads trough network shares. After the 10.09.2003 it stops spreading Removal instructions: The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus. Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client. The BitDefender Antisobig-en.exe tool does the following: - it detects all the known Sobig versions; - it deletes the files infected with Sobig; - it kills the process from memory; - it repairs the Windows registry. You may also need to restore the affected files. To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.




Home Add a Link Modify a Link Login Register
SoftNu.com, Free Software Download (C) 2003