|
Tech Support Have a problem? Maybe we can help! |
|
Thread Tools | Search this Thread | Display Modes |
#1
|
||
|
W32.Sobig.E@mm Virus if you need help
if you need help to remove it here a tool to do it with and information on it:
"W32.Sobig.E@mm removal tool click-here" General Info on it: From: support @ yahoo.com (NOTE: W32.Sobig.E@mm spoofs this field. It could be any address.) Subject: The subject line will be one of the following: Re: Application Re: Movie Re: Movies Re: Submitted Re: ScRe:ensaver Re: Documents Re: Re: Application ref 003644 Re: Re: Document Your application Application.pif Applications.pif movie.pif Screensaver.scr submited.pif new document.pif Re: document.pif 004448554.pif Referer.pif Attachment: The attachment name will be one of the following: Your_details.zip (contains Details.pif) Application.zip (contains Application.pif) Document.zip (contains Document.pif) Screensaver.zip (contains Sky.world.scr) Movie.zip (contains Movie.pif) NOTE: The worm de-activates on July 14, 2003, and therefore, the last day on which the worm will spread is July 13, 2003. Reason for this i got a E-Mail to day with it in it Norton Antivirus stop it dead use the tool to double check it that its been stop anyway playing it safe did not find it at all. save me a big time headack the tool ran for 2-4min then reported all clear did not find it at all in my system this is what it can do: When W32.Sobig.E@mm is executed, it performs the following actions: Copies itself as %Windir%\winssk32.exe. NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location. Creates the file, %Windir%\msrrf.dat. Adds the value: "SSK Service"="%Windir%\winssk32.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run so that W32.Sobig.E@mm runs when you start Windows. If the operating system is Windows NT/2000/XP, then the worm will also add the value: "SSK Service"="%Windir%\winssk32.exe" to the registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run Counts the Network Resources and copies itself across the network to the following folders: Windows\All Users\Start Menu\Programs\StartUp Documents and Settings\All Users\Start Menu\Programs\Startup Sobig.E can download arbitrary files to infected computers and execute them. The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers on infected computers. This functionality may also be used as a worm self-update feature. Under the correct conditions, Sobig.E attempts to contact one of the list of master servers, which the author of the worm controls. Then, the worm retrieves a URL that it uses to determine where to get the Trojan file, downloads the Trojan file to the local computer, and then executes it. more info: http://securityresponse.symantec.com...obig.e@mm.html
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] Last edited by Hellfighter; 07-05-2003 at 11:34 PM. |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
mm | atholon | Humor & Jokes | 1 | 12-27-2008 07:53 AM |
MM live | skinny killer | General Chat | 0 | 03-08-2008 01:01 PM |
Ravage MM re: banner | Steve | Sigs and Graphics | 12 | 10-16-2003 03:11 PM |
"W32.SoBig.F.@mm.ecn" to stop it. | Hellfighter | Tech Support | 1 | 09-10-2003 09:16 PM |
Virus - W32/Yaha.g@MM | Steve | News | 5 | 07-01-2002 09:37 AM |