Tell me something.....are all men curious or is it just my boss!
At least once a month he opens an e-mail with an attachment that has a virus! He has me send a memo monthly to all employees not to open e-mails with attachments and then he always goes and does it!
I had updated our anti virus software yesterday but he still got the virus today. It's called worm_sobig.a
From what I can see, it didn't do too much damage to his computer. It was just really slow for him today but I figured I'd warn you guys that it's out there!
--------------------------------------------------------------------------------
Virus type: Worm
Destructive: No
Aliases: SOBIG, W32/Sobig@MM, W32/Sobig.A@mm
Pattern file needed: 436 (I was good up until 433)
Scan engine needed: 5.200
Overall risk rating: Medium
--------------------------------------------------------------------------------
Reported infections: Medium
Damage Potential: High
Distribution Potential: High
--------------------------------------------------------------------------------
Description:
This memory-resident, multi-threaded worm propagates via email and shared network folders.
It sends copies of itself via email using its own Simple Mail Transfer Protocol or SMTP engine and obtains its target recipients from addresses found in files with the following extensions:
WAB
DBX
HTM
HTML
EML
TXT
The details of the email that it sends are as follows:
Sender: big@boss.com
Subject: <could be any of the following>
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample
Attachment: <could be any of the following>
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif
This worm also downloads files from remote Web sites.
Solution:
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Open Windows Task Manager.
On Windows 9x/ME systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, and click the 1 Processes tab.
In the list of running programs*, locate the process:
WINMGM32
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
WindowsMGM
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
WindowsMGM
Close Registry Editor
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SOBIG.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Deleting Malware Files
On Windows 9x/NT
Click Start>Find>Files and Folders.
In the Named input box, type:
DWN.DAT;SNTMLS.DAT
In the Look In drop-down list, select the drive which contains Windows, then press Enter.
On Windows 2000/ME/XP
Click Start>Search>For Files and Folders.
In the Search for files and folders named input box, type:
DWN.DAT;SNTMLS.DAT
In the Look In drop-down list, select the drive which contains Windows, then press Enter.
Once the files are found right-click each file then select DELETE. Click YES when prompted.
Additional Windows ME/XP Cleaning Instructions
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
For additional information about this threat, see Technical Details.
At least once a month he opens an e-mail with an attachment that has a virus! He has me send a memo monthly to all employees not to open e-mails with attachments and then he always goes and does it!
I had updated our anti virus software yesterday but he still got the virus today. It's called worm_sobig.a
From what I can see, it didn't do too much damage to his computer. It was just really slow for him today but I figured I'd warn you guys that it's out there!
--------------------------------------------------------------------------------
Virus type: Worm
Destructive: No
Aliases: SOBIG, W32/Sobig@MM, W32/Sobig.A@mm
Pattern file needed: 436 (I was good up until 433)
Scan engine needed: 5.200
Overall risk rating: Medium
--------------------------------------------------------------------------------
Reported infections: Medium
Damage Potential: High
Distribution Potential: High
--------------------------------------------------------------------------------
Description:
This memory-resident, multi-threaded worm propagates via email and shared network folders.
It sends copies of itself via email using its own Simple Mail Transfer Protocol or SMTP engine and obtains its target recipients from addresses found in files with the following extensions:
WAB
DBX
HTM
HTML
EML
TXT
The details of the email that it sends are as follows:
Sender: big@boss.com
Subject: <could be any of the following>
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample
Attachment: <could be any of the following>
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif
This worm also downloads files from remote Web sites.
Solution:
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Open Windows Task Manager.
On Windows 9x/ME systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, and click the 1 Processes tab.
In the list of running programs*, locate the process:
WINMGM32
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
WindowsMGM
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
WindowsMGM
Close Registry Editor
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SOBIG.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Deleting Malware Files
On Windows 9x/NT
Click Start>Find>Files and Folders.
In the Named input box, type:
DWN.DAT;SNTMLS.DAT
In the Look In drop-down list, select the drive which contains Windows, then press Enter.
On Windows 2000/ME/XP
Click Start>Search>For Files and Folders.
In the Search for files and folders named input box, type:
DWN.DAT;SNTMLS.DAT
In the Look In drop-down list, select the drive which contains Windows, then press Enter.
Once the files are found right-click each file then select DELETE. Click YES when prompted.
Additional Windows ME/XP Cleaning Instructions
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
For additional information about this threat, see Technical Details.
Please take NEW Pres Election Survey
http://investorshub.advfn.com/boards/board_surveymenu.asp?board_id=13242 
Join the InvestorsHub Community
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
