SOBIG-F WORM

The Sobig-F Worm is a variant of the Sobig. Sobig-F spreads via email.
The Subject contains the text: Re: Thank you Thank you! Your details, Re:Details, Re: Re: My Details, Re: Approved, Re: Your application, Re: Wicked screensaver, Re: That Movie

Body text contains the text:
See the attached file for details
Please see the attached file for details

The Attachment Name contains the text:
your_document.pif, document_all.pif, thank_you.pif, your_details.pif, details.pif, document_9446.pif, application.pif, wicked_scr.scr, movie0045.pif


REMOVAL INSTRUCTIONS:

• Run REGEDIT and delete the following keys:
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name ="TrayX"  Value ="%windir%\winppr32.exe/sinc"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name ="TrayX"   Value ="%windir%\winppr32.exe/sinc"
• Run Vbuster.Exe and use it to delete all occurances of the worm
• You should also use the "F1" and "S" function of Vbuster.Exe to search for and delete "winppr32.exe" created by the worm

Return Home