Sobig, also known as Sobig-A, is a Win32 worm that creates a file called Winmgm32.Exe in the Windows subdirectory (folder). The worm spreads through network shares.
REMOVAL INSTRUCTIONS:
- Run REGEDIT and delete the following keys:
  - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsMGM
  - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsMGM
- Run Vbuster.Exe and use it to delete all occurrences of the worm.
- You should also use the "F1" and "S" functions of Vbuster.Exe to search for and delete Reteral.Txt, which is created by the worm, although this is not absolutely necessary.
Windows 2000/XP/NT
- For Windows 2000, XP and NT, you will have to use Regedit to delete the following keys:
  - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsMGM
  - HKU\(code number)\Software\Microsoft\Windows\CurrentVersion\Run\WindowsMGM for each user who has activated the worm
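
The registry steps above can also be checked from a script. The following PowerShell is an added example, not part of the original instructions or of Vbuster: it looks for the WindowsMGM autorun entry under HKLM, HKCU and every user hive loaded under HKEY_USERS, and reports whether Winmgm32.Exe is present in the Windows folder. The -Remove switch and the variable names are choices made for this example.

```powershell
# Added example: audit the Sobig-A autorun entries named in the instructions above.
# Report-only by default; run elevated with -Remove to delete the registry entries.
param([switch]$Remove)

$valueName = 'WindowsMGM'                                   # autorun entry named on this page
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$wormFile  = Join-Path $env:windir 'Winmgm32.exe'           # file named on this page

# HKLM and HKCU, plus one Run key per user hive loaded under HKEY_USERS.
# (HKCU is the same hive as the current user's entry under HKEY_USERS,
#  so in report-only mode that entry can be listed twice.)
$targets = @(
    "Registry::HKEY_LOCAL_MACHINE\$runSubKey",
    "Registry::HKEY_CURRENT_USER\$runSubKey"
)
$targets += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$runSubKey" }

$findings = @(
    foreach ($key in $targets) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $prop = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            # Record where the entry was found and what it launches.
            [pscustomobject]@{ Type = 'RunEntry'; Location = $key; Data = $prop.$valueName }
            if ($Remove) { Remove-ItemProperty -LiteralPath $key -Name $valueName }
        }
    }
)

# The worm file is only reported here; deleting it is left to the scanner step above.
if (Test-Path -LiteralPath $wormFile) {
    $size = (Get-Item -LiteralPath $wormFile -Force).Length
    $findings += [pscustomobject]@{ Type = 'File'; Location = $wormFile; Data = "$size bytes" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No WindowsMGM autorun entry or Winmgm32.exe found.'
} else {
    $findings | Format-List
}
```

Only hives that are currently loaded appear under HKEY_USERS, so the entry for a user who is not logged on is not seen by this check.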