Win32.Sobig.F@mm Removal Tool 1.0
Name: Win32.
|
0.00 
Freeware
0K
Windows Vista 
Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical description:
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
“movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif “
After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender Antisobig-en.exe tool does the following:
You may also need to restore the affected files.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
tags
the following windirwinppr32 exe exe sinc with value value windirwinppr32 thank you attached file pif document for details details pif file for the worm the infected
Download Win32.Sobig.F@mm Removal Tool 1.0
Download Win32.Sobig.F@mm Removal Tool 1.0
Similar software
Win32.Sobig.F@mm Removal Tool 1.0
SOFTWIN
Name: Win32.
NotSoBig 1.1
Fresh Software
NotSoBig will log into your POP3 account, scan for all varients of the SoBig virus, and delete them off the server.
HS SoBigRemover 1.2
Yenicag Bilisim Ltd
This software can be used to detect large number of SoBig viruses in an email account and delete them remotely without needing to download any of them to your machine.
MailBoy 2004 Mass Mailer 1.9
MMSoft Inc.
MailBoy 2004 MASS MAILER - Easy to use yet powerful mass mailer.
ADV Mass Mailer for Outlook 2000/XP/2003 2.0
Advancity Internet Solutions
ADV Mass Mailer is a program for Microsoft Outlook 2000 and Outlook XP to allow the users send mass mail to the contacts in their Contacts folders.
Win32.Bagle.AJ@mm Free Removal tool 1.0
Bitdefender
Free removal tool for Win32.
Excel Bulk Mailer 3.00
Martin Groesbeek
Excel Bulk Mailer is an excel based 'Mass Mailer'.
1st Mass Mailer 6.642
IM-Soft
1st Mass Mailer is a very fast mass mailer with a lot of useful features.
Mass Mailer 2.32
Mass Mailer
Mass Mailer gives you the features you need to quickly create and maintain a successful Internet marketing campaign.
Easy Mass Mailer 1.8
EasySoftMade Inc.
Easy Mass Mailer is uniquely fast and easy to use email sending program.
RSS