WinSobigFmm free Removal Tool
License:freeware | Update:2008.01.07
Win32.Sobig.F@mm FREE Removal Tool
Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLM\Software\Microsoft\Windows\Run\CurrentVersion\TrayX with value:
%WINDIR%\winppr32.exe /sinc
HKCU\Software\Microsoft\Windows\Run\CurrentVersion\TrayX with value:
%WINDIR%\winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
"movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif"
After the user opens the attachment, the worm copies itself to the following location:
%WINDIR%\winppr32.exe
and adds the following registry keys:
HKLM\Software\Microsoft\Windows\Run\CurrentVersion\TrayX with value:
%WINDIR%\winppr32.exe /sinc
HKCU\Software\Microsoft\Windows\Run\CurrentVersion\TrayX with value:
%WINDIR%\winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads through network shares.
After 10.09.2003 it stops spreading.
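A mail-gateway style check built from the subject, body and attachment lists above, as an added example (not BitDefender's code). The function names and the rule of requiring a listed attachment plus one more indicator are assumptions, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the description above, lower-cased.
SUBJECTS = {"re: wicked screensaver", "re: that movie", "re: your application",
            "re: approved", "re: re: my details", "re: details",
            "your details", "thank you!", "re: thank you!"}
BODIES = {"please see the attached file for details.",
          "see the attached file for details"}
ATTACHMENTS = {"movie0045.pif", "wicked_scr.scr", "application.pif",
               "document_9446.pif", "details.pif", "your_details.pif",
               "thank_you.pif", "document_all.pif", "your_document.pif"}

def norm(text):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(str(text or "").split()).lower()

def sobig_f_indicators(raw_message):
    """Return the sorted indicator kinds present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    if norm(msg["Subject"]) in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if norm(name) in ATTACHMENTS:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            if norm(part.get_content()) in BODIES:
                hits.add("body")
    return sorted(hits)

def is_suspect(raw_message):
    """Flag a listed attachment name combined with a listed subject or body."""
    hits = sobig_f_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2

def sample(subject, body, filename=None):
    """Build a constructed message for the demo (placeholder attachment bytes)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Matching on the attachment name alone would also work, but pairing it with the subject or body keeps ordinary mail that merely says "see the attached file for details" out of quarantine.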
Removal instructions:
The BitDefender Virus Analyse Team has released a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.

