WinSobigFmm free Removal ToolWin32.Sobig.F@mm Removal Tool 1.0 Win32.Sobig.F@mm FREE Removal Tool | |
Download |
WinSobigFmm free Removal Tool Ranking & Summary
Advertisement
WinSobigFmm free Removal Tool Tags
- Win32/Virut Win32.Mytob Win32.Evaman Win32.Swash Win32.Mofei Sobig.E antivirus Sobig.E Win32.Rovud.a-c Sobig.F antivirus Sobig.F W32/Sobig.F Win32/Vampiro I-Worm.Sobig Win32/Tanatos Win32.Parite erase Win32/Sality Win32/Sality Win32.Pawur erase Win32/Prepender Win32/Prepender erase Win32/Magistr Win32/Magistr erase Win32/Mabezat Win32/Mabezat Win32/Kriz erase Win32/Gaelicum Win32/Gaelicum erase Win32/Elkern Win32/Elkern erase Win32/Dupator Win32/Dupator erase Win32/Delf.2.B Win32/Delf.2.B erase Win32/Alman Win32/Alman sobig remover sobig mm editor Win32.IrcBot Win32 MIDP to Win32 mm+g Win32 COM mm
WinSobigFmm free Removal Tool Description
Win32.Sobig.F@mm FREE Removal Tool Name: Win32.Sobig.F@mm Aliases: W32/Sobig.F@mm Type: Executable Mass Mailer Size: ~70 KB Discovered: 19.08.2000 Spreading: High Damage: Low In The Wild: Yes Symptoms: Registry keys: HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc Following files in the %WINDIR% folder: Winstt32.dat Winppr32.exe Winstf32.dll Technical description: It arrives in e-mail in the following format: Subject: Randomly chosen from the following list: "Re: Wicked screensaver" "Re: That movie" "Re: Your application" "Re: Approved" "Re: Re: My details" "Re: Details" "Your details" "Thank you!" "Re: Thank you!" Body: Please see the attached file for details. Or See the attached file for details Attachment: Randomly chosen from the following list: "movie0045.pif" "wicked_scr.scr" "application.pif" "document_9446.pif" "details.pif" "your_details.pif" "thank_you.pif" "document_all.pif" "your_document.pif " After the user opens the attachment the worm copies in the following location: %WINDIR%winppr32.exe and adds the following registry keys: HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value: %WINDIR%winppr32.exe /sinc It searches for e-mails in the following file types: html, wab, mht, hlp, txt, eml, htm, dbx The worm also spreads trough network shares. After the 10.09.2003 it stops spreading Removal instructions: The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus. Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client. The BitDefender Antisobig-en.exe tool does the following: it detects all the known Sobig versions; it deletes the files infected with Sobig; it kills the process from memory; it repairs the Windows registry You may also need to restore the affected files. To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
WinSobigFmm free Removal Tool Related Software