Win32.Sobig.F@mm Removal Tool 1.0
Name: Win32.
|
0.00 
Freeware
0K
Windows Vista 
Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
“movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif “
After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
tags
the following windirwinppr32 exe exe sinc with value value windirwinppr32 thank you attached file pif document for details details pif file for the worm the infected
Download Win32.Sobig.F@mm Removal Tool 1.0
Download Win32.Sobig.F@mm Removal Tool 1.0
Similar software
Win32.Sobig.F@mm Removal Tool 1.0
SOFTWIN
Name: Win32.
MSN Password Sniffer 1.0
mythusoft
MSN Password sniffer is a useful and handy utility that can capture MSN passwords.
Chameleon Clock 5.1
Jury Gerasimov
Chameleon Clock is a desktop clock which purpose is to be useful, user-friendly, and beautiful.
Outlook Profiler 2.7.0.1
GOFF
Outlook Profiler addresses the need to create Outlook Exchange profiles automatically.
Parity Plus 2.1
DataBull
Parity Plus is one of the most powerful Stock Charting and Technical Analysis software application available on the market.
EasyMP3 2005 2.0.0.19
ZeuS Microsystems
EasyMP3 was created to simply encode and decode audio files.
DivX DVD Ripper 1.5
Openwares
DivX DVD Ripper is a free and useful tool for backing up your DVD movies.
Download Accelerator Lite 1.0.4
Openwares
Download Accelerator Lite (DAL) is a free and useful open source tool for increasing download speeds and for resuming, scheduling, and organizing downloads.
Torrent Search 4.8
Openwares
Wired Magazine declared “Kazaa is tired, BitTorrent is Wired!” BitTorrent is the fastest and the newest growing file sharing client for the Windows operating system.
Advanced System Tune up 3.1.0.4
Softwaredepo.com
FREE Advanced System Tuneup and Optimizer is a free program that consist of many useful modules that can be launched from the startup screen.
RSS