I-Worm.Sobig.a, W32/[email protected], Win32.HLLM.Reteras, W32/Sobig-A, Win32/[email protected], WORM_SOBIG.A, Worm/Sobig.A, W32/[email protected], Win32:Sobig, I-Worm/Sobig.A
Category: Computer Worm
Asia, North and South America, and some parts of Europe and Australia
17 Jan 2003
When a file is identified as infected with [email protected], it shows that it’s a MIME-encoded file with the [email protected]
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
Some reports say that the [email protected] may infect a computer when the user opens an infected email attachment or an email from “[email protected]”. These email attachments usually include files such as document003.pif, movie_0074.mpeg.pif, untitled 1.pif, sample.pif, thank_you.pif, application.pif, wicked_scr.scr, and your_document.pif. During installation, the worm copies itself to the Windows directory under the filename “winmgm32.exe”. It then registers this file in the automatic run key of the system registry, creating a “WindowsMGM” registry key so that it is launched each time Windows starts. W32.Sobig.A_mm may spread via the local network and via email. The worm uses the SMTP server to send infected messages.
Normally, worms are made only to spread. However, there are reports that this worm downloads and installs a Trojan backdoor. It does this by downloading a text file that contains a link to the “PE file”. It then saves that file as “dwn.dat” in the Windows directory and runs it. This function of the worm is thought to cause additional trouble for the user, since backdoor Trojans can open the infected computer to external, remote control over the local area network or the Internet. The computer could then be made to perform actions that the user has neither authorized nor wanted.
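
The indicators named above (the attachment names, “winmgm32.exe” and “dwn.dat” in the Windows directory, and the “WindowsMGM” autorun entry) can be turned into a simple triage check. The following is an added example, not part of the original write-up; the function names, the decoy-extension list and all sample data are assumptions constructed for illustration.

```python
"""Added example: check mail attachments and a host inventory against the
Sobig.A indicators named in the text above. All sample data is constructed."""
import ntpath

# Indicators taken from the description above.
EXEC_EXTS = {".pif", ".scr"}                 # extensions of the listed attachments
DROPPED_FILES = {"winmgm32.exe", "dwn.dat"}  # files written to the Windows directory
RUN_VALUE = "windowsmgm"                     # autorun entry name (compared lower-case)
# Assumption: extensions a user would read as harmless media or documents.
DECOY_EXTS = {".mpeg", ".mpg", ".doc", ".txt", ".jpg"}


def classify_attachment(filename):
    """Return 'masquerading', 'executable' or 'ok' for one attachment name."""
    stem, ext = ntpath.splitext(filename.strip().lower())
    if ext not in EXEC_EXTS:
        return "ok"
    # movie_0074.mpeg.pif: a decoy extension sits in front of the real one.
    inner_ext = ntpath.splitext(stem)[1]
    return "masquerading" if inner_ext in DECOY_EXTS else "executable"


def check_host(windows_dir_listing, run_entries):
    """Return a sorted list of findings for one host.

    windows_dir_listing: file names found in the Windows directory.
    run_entries: {value name: command} read from the autorun (Run) key.
    """
    findings = []
    for name in windows_dir_listing:
        if name.lower() in DROPPED_FILES:
            findings.append("file:" + name.lower())
    for value, command in run_entries.items():
        # Match on the entry name or on the binary it launches.
        if value.lower() == RUN_VALUE or "winmgm32.exe" in command.lower():
            findings.append("autorun:" + value)
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real host or mailbox.
    for att in ["movie_0074.mpeg.pif", "sample.pif", "report.pdf"]:
        print(att, "->", classify_attachment(att))
    listing = ["explorer.exe", "WINMGM32.EXE", "dwn.dat", "notepad.exe"]
    run = {"WindowsMGM": r"C:\WINDOWS\winmgm32.exe", "Updater": r"C:\Tools\upd.exe"}
    print(check_host(listing, run))
```

A match on a file name or autorun entry alone is a triage lead, not a verdict; confirm with an up-to-date scanner before cleaning the host.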