Win32.Sobig.F@mm Removal Tool 1.0

Win32.Sobig.F@mm Removal Tool 1.0 Screenshot Name: Win32.

Developer:	SOFTWIN software by SOFTWIN →
Price:	0.00
License:	Freeware
File size:	0K
Language:
OS:	Windows Vista (?)
Rating:	0 /5 (0 votes)

Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes

Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc

Following files in the %WINDIR% folder:

Winstt32.dat
Winppr32.exe
Winstf32.dll

Technical description:

It arrives in e-mail in the following format:

Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details"
"Thank you!"
"Re: Thank you!"

Body:
Please see the attached file for details.
Or
See the attached file for details

Attachment:
Randomly chosen from the following list:
“movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif “

After the user opens the attachment the worm copies in the following location:
%WINDIR%winppr32.exe
and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc

HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc

It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx

The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading

Removal instructions:

The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.

Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.

The BitDefender Antisobig-en.exe tool does the following:

it detects all the known Sobig versions;

it deletes the files infected with Sobig;

it kills the process from memory;

it repairs the Windows registry

You may also need to restore the affected files.

To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.

tags the following windirwinppr32 exe exe sinc with value value windirwinppr32 thank you attached file pif document for details details pif file for the worm the infected

Win32.Sobig.F@mm Removal Tool 1.0 screenshot

Download Win32.Sobig.F@mm Removal Tool 1.0

Download Win32.Sobig.F@mm Removal Tool 1.0

Authors software

BitDefender for Mail Servers Virus Definitions -
SoftWin

BitDefender Virus Definitions March 21, 2007
SOFTWIN

Win32.Sobig.F@mm Removal Tool 1.0
SOFTWIN

Name: Win32.

BitDefender Free Edition 8.0
SoftWin

Makes it possible for you to get closer to the tricky world of data security Have you ever been looking for your own, tailored antivirus? Have you thought you can have it for free? The seventh generation of BitDefender allows you to customize your product, so you can make it yours.

MiMail worm free removal tool
SoftWin

A NEW variant of the MiMail worm family, version C, is proliferating across the world, according to security firm iDefense.

Similar software

Win32.Sobig.F@mm Removal Tool 1.0
SOFTWIN

Name: Win32.

NotSoBig 1.1
Fresh Software

NotSoBig will log into your POP3 account, scan for all varients of the SoBig virus, and delete them off the server.

HS SoBigRemover 1.2
Yenicag Bilisim Ltd

This software can be used to detect large number of SoBig viruses in an email account and delete them remotely without needing to download any of them to your machine.

Excel Bulk Mailer 3.00
Martin Groesbeek

Excel Bulk Mailer is an excel based 'Mass Mailer'.

Win32.Bagle.AJ@mm Free Removal tool 1.0
Bitdefender

Free removal tool for Win32.

Vallen e-Mailer R2006.0411
Vallen-Systeme GmbH

Vallen e-Mailer is an e-mail client that will help you to deliver newsletters.

avast! Virus Cleaner 1.0.211
ALWIL Software

avast! Virus Cleaner is a free tool that will help you remove selected virus & worm infections from your computer.

Multi Virus Cleaner 2007 7.6.0
AxBx Corporation

Multi Virus Cleaner is a small freeware utility to remove from you computer the most important viruses, worms and other malware such as: MyDoom, Bagle, Sasser, Zafi, Netsky, Klez, Sobig, Welchia and Blaster.

Win32.Mydoom.V@mm Free Removal tool 1.0
Softwin

Symptoms: Presence of files Documents and SettingsAdministratorStart MenuProgramsStartuprx32hh00.

Email Subscriber Pro 2.504
Getfreefile

Email Subscriber Pro is intended for organizing subscription to mailing lists on websites.

Other software in this category

CleanCIH 1.6
Proland

Clean your PC from the Win95.

Klez Removal Tool 1.0.11
Symantec Corporation

W32.

WinImp 1.21
Technelysium

WinImp is a new file archiver which not only recognises common archive formats, but also introduces a new, high performance archive format.

Softpit PC Search Light 1.3
Goldmarc Technology AS

The softpit PC search light is a useful utility for people who need to find critical information fast and precisely on their own computer.

freewareApp

Win32.Sobig.F@mm Removal Tool 1.0

Download Win32.Sobig.F@mm Removal Tool 1.0

Authors software

Similar software

Other software in this category

Search

Featured Software

Latest software

Top tags

Our network