Win32:Sobig
is a network worm which sends itself to all email addresses that it finds in txt, eml, html, htm, dbx and wab files. It uses one of the following subjects:
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample
... and one of the following attachment names:
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif
When executed, it stores itself in the Windows folder under the name
winmgm32.exe and creates the following registry key to be executed
on every Windows start up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsMGM
Then it tries to copy itself into the following folders on all accessible
shared remote disks:
Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup
It also tries to contact one site on the Geocities server to get an address, from which it then tries to download and execute a Trojan horse.
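The indicators above can be checked against exported mail and an exported Run key. The following is an added example, not part of the original description or of any avast! tool; the function names and the Run-key export format (value name mapped to command line) are assumptions, and the sample message is constructed. The check for other .pif attachments goes beyond the names listed on this page.

```python
# Added example: match exported mail and Run-key data against the indicators above.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from this description (compared case-insensitively).
SUBJECTS = {"re: movies", "re: sample", "re: document", "re: here is that sample"}
ATTACHMENTS = {"movie_0074.mpeg.pif", "document003.pif", "untitled1.pif", "sample.pif"}
RUN_VALUE = "windowsmgm"
DROPPED_FILE = "winmgm32.exe"


def check_message(raw: bytes) -> list:
    """Return indicator hits for one RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            # Generalization, not from the page: any other .pif attachment.
            hits.append("pif-attachment:" + name)
    return hits


def check_run_key(values: dict) -> list:
    """values maps Run-key value names to command lines (assumed export format)."""
    return ["run-key:" + name for name, cmd in values.items()
            if name.strip().lower() == RUN_VALUE or DROPPED_FILE in cmd.lower()]


def build_sample(subject: str, filename: str) -> bytes:
    """Construct a harmless test message; the attachment body is one zero byte."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"\x00", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("Re: Sample", "Sample.pif")))
    print(check_run_key({"WindowsMGM": r"C:\WINDOWS\winmgm32.exe"}))
```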
Removal:
To remove this virus please use our free avast! Virus Cleaner.
Any avast! with a VPS file dated on or after 10th January 2003 is able to detect this worm.














