Tell me something.....are all men curious or is it just my boss! At least once a month he opens an e-mail with an attachment that has a virus! He has me send a memo monthly to all employees not to open e-mails with attachments and then he always goes and does it! I had updated our anti virus software yesterday but he still got the virus today. It's called worm_sobig.a. From what I can see, it didn't do too much damage to his computer. It was just really slow for him today but I figured I'd warn you guys that it's out there!
--------------------------------------------------------------------------------
Virus type: Worm
Destructive: No
Aliases: SOBIG, W32/Sobig@MM, W32/Sobig.A@mm
Pattern file needed: 436 (I was good up until 433)
This memory-resident, multi-threaded worm propagates via email and shared network folders.
It sends copies of itself via email using its own Simple Mail Transfer Protocol or SMTP engine and obtains its target recipients from addresses found in files with the following extensions:
WAB, DBX, HTM, HTML, EML, TXT
The details of the email that it sends are as follows:
Sender: big@boss.com
Subject: <could be any of the following>
    Re: Movies
    Re: Sample
    Re: Document
    Re: Here is that sample
Attachment: <could be any of the following>
    Movie_0074.mpeg.pif
    Document003.pif
    Untitled1.pif
    Sample.pif
This worm also downloads files from remote Web sites.
Solution:
Terminating the Malware Program
This procedure terminates the running malware process from memory.
1. Open Windows Task Manager.
   On Windows 9x/ME systems, press CTRL+ALT+DELETE.
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs, locate the process: WINMGM32
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries: WindowsMGM
4. In the left panel, double-click the following: HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
5. In the right panel, locate and delete the entry or entries: WindowsMGM
6. Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_SOBIG.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Deleting Malware Files
On Windows 9x/NT
1. Click Start>Find>Files and Folders.
2. In the Named input box, type: DWN.DAT;SNTMLS.DAT
3. In the Look In drop-down list, select the drive which contains Windows, then press Enter.
On Windows 2000/ME/XP
1. Click Start>Search>For Files and Folders.
2. In the Search for files and folders named input box, type: DWN.DAT;SNTMLS.DAT
3. In the Look In drop-down list, select the drive which contains Windows, then press Enter.
Once the files are found, right-click each file, then select DELETE. Click YES when prompted.
Additional Windows ME/XP Cleaning Instructions
For additional information about this threat, see Technical Details.
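The email details listed in the advisory can be turned into a mail-gateway check. The following is an added example, not part of the original post or of Trend Micro's tooling; the function names, the quarantine rule, the handling of other .pif attachments and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Indicators copied from the advisory text in the post.
SENDER = "big@boss.com"
SUBJECTS = {"re: movies", "re: sample", "re: document", "re: here is that sample"}
ATTACHMENTS = {"movie_0074.mpeg.pif", "document003.pif", "untitled1.pif", "sample.pif"}


def sobig_a_indicators(raw_message):
    """Return the WORM_SOBIG.A indicators matched by one RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == SENDER:
        hits.append("sender")
    if " ".join(msg.get("Subject", "").split()).lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            # Assumption beyond the advisory: report any other .pif attachment too.
            hits.append("pif:" + name)
    return hits


def should_quarantine(raw_message):
    """Quarantine on a listed attachment name, or on sender and subject together."""
    hits = set(sobig_a_indicators(raw_message))
    return any(h.startswith("attachment:") for h in hits) or {"sender", "subject"} <= hits


# Constructed sample messages (not captured traffic); addresses are placeholders.
SAMPLE_WORM = "\n".join([
    "From: big@boss.com", "To: user@example.com", "Subject: Re: Movies",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "(constructed body)",
    "--b1", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="Movie_0074.mpeg.pif"', "",
    "placeholder", "--b1--", ""])
SAMPLE_CLEAN = "\n".join([
    "From: colleague@example.com", "To: user@example.com",
    "Subject: Re: Document", "", "Notes from the meeting.", ""])

if __name__ == "__main__":
    for label, raw in (("worm", SAMPLE_WORM), ("clean", SAMPLE_CLEAN)):
        print(label, sobig_a_indicators(raw), should_quarantine(raw))
```

A subject such as "Re: Document" is common in ordinary mail, which is why the subject on its own is reported but does not trigger quarantine.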