SoBig.E Worm Virus Information and Removal Help

What is SoBig.E Worm and How Did I Get It?
The SoBig worm spreads through email attachments and shared network folders. It sends copies of itself via is own SMTP engine and obtains the recipient addresses from information found in files with the following extensions:
  • .wab
  • .dbx
  • .htm
  • .html
  • .eml
  • .txt

The details of the email are

Sender: support@yahoo.com
<username@domain.com>
<obtained email address>

When constructing the email, the worm spoofs the From field using support@yahoo.com or an email address that it has obtained from the system, or the user name and the domain of the currently logged on user.

The subject can be:

  • referer.pif
  • 004448554.pif
  • re.document.pif
  • new_document.pif
  • submited.pif
  • Screensaver.scr
  • movie.pif
  • Applications.pif
  • Application.pif
  • Your application
  • Re: Re: Document
  • Re: Re: Application ref. 003644
  • Re: Documents
  • Re: Screensaver
  • Re: Submited (Ref: 003746)
  • Re: Movies
  • Re: Movie
  • Re: Application

The message body contains: Please see the attached zip file for details

What makes this virus unique is the fact the attachment is a zip file which is normal not a problem unless it is unzipped. However Windows XP machines have unzipping built into them when you double-click on the attachment. The attachment is one of the following

  • Movie.zip (Movie.pif)
  • screensaver.zip (sky_world.scr)
  • document.zip (document.pif)
  • application.zip (application.pif)
  • Your_details.zip(details.pif)

The worm also attempts to copy itself to the following folders on all the open network shares:

  • \Windows\All Users\Start Menu\Programs\StartUp
  • Documents and Settings\All Users\Start Menu\Programs\Startup

The worm stops spreading via network shares on July 14, 2003.

How to Clean/Delete the SoBig.E worm?

Follow these steps in removing the SoBig.E worm.

1) Terminate the running program

  • Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
  • Locate the following program, click on it and End Task or End Process

       SFtrb Service or winssk32.exe

  • Close Task Manager

2) Remove the Registry entries

  • Click on Start, Run, Regedit
  • In the left panel go to

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run

  • In the right panel, right-click and delete the following entry

SSK Service

Repeat this procedure for the following location

HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Run

  • Close the Registry Editor

3) Delete the infected files

  • Click Start, point to Find or Search, and then click Files or Folders.
  • Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
  • In the "Named" or "Search for..." box, type, or copy and paste, the file names:
    msrrf.dat
    winssk32.exe
  • Click Find Now or Search Now.
  • Delete the displayed files.

4) Reboot the computer and run a thorough virus scan using your favorite antivirus program.

for Automatic Removal of the SoBig.E worm, click on the following link

Symantec SoBig.E Automatic Removal Program

Removal of Other SoBig worm viruses

SoBig.A
SoBig.B
SoBig.C
SoBig.D
SoBig.E
SoBig.F

 

space.gif (58 bytes)

 

Search PCHell.com
site search by freefind advanced


 




Tools for Removing Spyware, Adware, and Malware


PC HELL
Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

Uninstall Panda Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page

 






iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad



Download Hoyle Games
including Casino 3D, Card, Board, and Solitaire games.



Written by Mark Hasting

Recommended Software for PC Hell Visitors
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
iolo System Mechanic® - Fix, Speed Up Your PC
iolo System Mechanic®
Emsisoft Anti Malware
Emsisoft Anti Malware
space.gif (58 bytes)

Search PCHELL.COM

Return to PC Hell
Return to PC Hell

Google