What do you want to download today?
 | Win32.Sobig.F@mm Removal Tool 1.0 Review |
Tweet
 |
Softango review
Win32.Sobig.F@mm Virus Removal Tool for FREE
Is your system infected by a SoBig Virus? One of the common types of SoBig viruses that attack a system is Win32.Sobig.F. Getting to know about the Win32.Sobig.F will help you to detect it easily. The following summary will help you understand about the Win32.Sobig.F virus.
Name: Win32.Sobig.F@mm
Aliases: W32/Sobig.F@mm
Type: Executable Mass Mailer
Size: ~70 KB
Discovered: 19.08.2000
Spreading: High
Damage: Low
In The Wild: Yes
Symptoms:
Registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
Following files in the %WINDIR% folder:
Winstt32.dat
Winppr32.exe
Winstf32.dll
Technical Description
It arrives in e-mail in the following format:
Subject:
Randomly chosen from the following list:
"Re: Wicked screensaver"
"Re: That movie"
"Re: Your application"
"Re: Approved"
"Re: Re: My details"
"Re: Details"
"Your details&quo
Body:
Please see the attached file for details.
Or
See the attached file for details
Attachment:
Randomly chosen from the following list:
"movie0045.pif"
"wicked_scr.scr"
"application.pif"
"document_9446.pif"
"details.pif"
"your_details.pif"
"thank_you.pif"
"document_all.pif"
"your_document.pif "
After the user opens the attachment, the worm copies in the following location:
%WINDIR%winppr32.exe and adds the following registry keys:
HKLMSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
HKCUSoftwareMicrosoftWindowsRunCurrentVersionTrayX with value:
%WINDIR%winppr32.exe /sinc
It searches for e-mails in the following file types:
html, wab, mht, hlp, txt, eml, htm, dbx
The worm also spreads trough network shares.
After the 10.09.2003 it stops spreading.
How to Remove Win32.Sobig.F from your System?
One of the best ways to get rid of the Win32.Sobig.F is to make use of the Win32.Sobig.F@mm FREE Removal Tool. The tool has been released by BitDefender Virus Analyze Team. As the name implies, Win32.Sobig.F is absolutely free and can be used to detect and eliminate all versions of SoBig viruses from your system. The software tool kills all the Sobig virus processes and repairs your Windows Registry completely.
Instructions to Remove Win32.Sobig.F Virus
It is important to close all the applications completely before you run the Win32.Sobig.F Removal tool. Once you run the tool and finish with the virus detection and elimination process, you have to restart the computer in order to get rid of the virus threat completely. Also, make sure to delete all the archived infect files and messages in your mail client manually. Restore all the affected files once you are done with the virus removal process.
In order to prevent the virus infection from spreading to other systems, you got to disinfect all the computers in the network before rebooting any of the systems.