Win32:Sobig

is a network worm which sends itself to all email addresses, which it finds in the txt, eml, html, htm, dbx and wab files. It uses on of the following subjects:
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample

... and one the following attachment names:
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif

When executed, it stores itself in the Windows folder under the name winmgm32.exe and creates the following registry key to be executed on every Windows start up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ WindowsMGM

Then it tries to copy itself into the following folders on the all accessible shared remote disks:
Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup

It also tries to contact one site on the Geocities server and to get the address from which it then tries to download and execute one Trojan Horse.

Removal:
To remove this virus please use our free avast! Virus Cleaner.

Any avast! with VPS file dated on or after 10th January 2003 is able to detect this worm.

Technology/OEM Products

avast! AV engine for OEMs

OEM Partners

Shop Online



cialis generic india | discount viagra | generic viagra | buy cialis | viagra canada no prescription | cial | real viagra online | viagra uk | order viagra online | viagra price | cialis professional online | viagra for sale | viagra no prescription