Remove Worm.Sobig.B
About Sobig.B
The Sobig.B worm (also known as Palyh worm) spreads
via email and network shares. The worm turns an infected computer into
a server for outgoing email messages using its own SMTP engine. The
sender’s addresses are spoofed, and the target addresses are gathered
from files with the following extensions on the infected computer:
.DBX, .EML, .HTM, .HTML, .TXT, .WAB
The Sobig.B worm arrives in email with a variety of subject lines,
including:
"Approved (Ref: 38446-263)"
"Cool screensaver"
"Re: Approved (Ref: 3394-65467)"
"Re: Movie"
"Re: My application"
"Re: My details"
"Screensaver"
"Your details"
"Your password"
The sender of the message is: support@microsoft.com
The attachment is one of the following:
application.pif
approved.pif
doc_details.pif
movie28.pif
password.pif
ref-394755.pif
screen_doc.pif
screen_temp.pif
your_details.pif
The worm also attempts to copy itself to the following folders on all
the open network shares:
\Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup
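The e-mail indicators listed above (sender, subject lines, attachment names) can be checked against a raw message as in the following added example, which is not part of the original article. The function and constant names are hypothetical, the sample message is constructed, and flagging any other .pif attachment is an assumption that goes beyond the names the article lists.

```python
# Added example: match a message against this page's Sobig.B e-mail indicators.
from email import message_from_string

SENDER = "support@microsoft.com"
SUBJECTS = {
    "approved (ref: 38446-263)", "cool screensaver",
    "re: approved (ref: 3394-65467)", "re: movie", "re: my application",
    "re: my details", "screensaver", "your details", "your password",
}
ATTACHMENTS = {
    "application.pif", "approved.pif", "doc_details.pif", "movie28.pif",
    "password.pif", "ref-394755.pif", "screen_doc.pif", "screen_temp.pif",
    "your_details.pif",
}

# Constructed sample message (not a real capture); the body is a dummy value.
SAMPLE = """\
From: support@microsoft.com
Subject: Re: My details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="your_details.pif"

AAAA
--b1--
"""

def sobig_b_indicators(raw_message):
    """Return the indicators from this page found in an RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if SENDER in (msg.get("From") or "").lower():
        hits.append("sender")
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):  # assumption: flag any other .pif too
            hits.append("pif-extension:" + name)
    return hits

if __name__ == "__main__":
    print(sobig_b_indicators(SAMPLE))
```

Because the worm spoofs the sender address, the sender match alone is weak evidence; the attachment match is the stronger signal.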
How to Remove Sobig.B?
Follow these steps to remove the Sobig.B worm.
1) Disconnect from the Internet or any network you are connected to.
You may also want to disable System Restore on Windows XP or Windows
ME before continuing.
2) Terminate the running program
Open the Windows Task Manager by pressing CTRL+ALT+DEL on Win9x
machines, or by pressing CTRL+Shift+Tab and clicking on the Processes
tab on WinNT/2000/XP machines.
Locate the following program, click on it, and choose End Task or End Process:
System Tray or MSCCN32.EXE
3) Remove the Registry entries
Click on Start, Run, Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, right-click and delete the following entry:
SYSTEM TRAY
Then go to
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
and delete the following entry:
SYSTEM TRAY
4) Search for the following files on your computer and delete them:
hnks.ini
msdbrr.ini
msccn32.exe
5) Reboot the computer and run a thorough virus scan using your antivirus
program.