SoBig.F drops the file winppr32.exe into the Windows directory and adds the following entries to the Windows Registry:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
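The indicators listed above can be checked on a host with a short read-only script. This is an added example, not part of the original advisory or of any vendor tool; it reports what it finds and removes nothing, and the HKCU check covers only the user running it.

```powershell
# Added example: read-only check for the SoBig.F indicators listed in this advisory.
$valueName = 'TrayX'
$dropName  = 'winppr32.exe'
$runKeys   = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # current user only
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    # Read the raw data so %windir% is not expanded before comparison.
    $data = $item.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
    if ($null -ne $data) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value'
            Location  = "$key\$valueName"
            Detail    = [string]$data
            NamesDrop = ([string]$data -like "*$dropName*")
        }
    }
}

# The dropped executable in the Windows directory (-Force also sees hidden files).
$dropPath = Join-Path $env:windir $dropName
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $findings += [pscustomobject]@{
        Indicator = 'Dropped file'
        Location  = $dropPath
        Detail    = "{0} bytes, written {1:u}" -f $file.Length, $file.LastWriteTimeUtc
        NamesDrop = $true
    }
}

# A process with the same image name means the worm may still be in memory.
$procName = [IO.Path]::GetFileNameWithoutExtension($dropName)
foreach ($p in @(Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{
        Indicator = 'Running process'
        Location  = "PID $($p.Id)"
        Detail    = $p.Path
        NamesDrop = $true
    }
}

if ($findings.Count -eq 0) { Write-Output 'No SoBig.F indicators from this advisory found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```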
Antivirus vendors are providing free utilities designed to effectively remove the worm from memory, reverse the registry edits, and delete any infected files.
F-Secure provides a special tool to disinfect the Sobig.F worm. The tool and disinfection instructions are available on their FTP site:
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.zip
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.txt
ftp://ftp.f-secure.com/anti-virus/tools/f-sobig.exe
The McAfee Avert Stinger has also been updated to remove this latest variant of Sobig in addition to several other common threats.
These tools are designed for the purpose of removing very specific infections. They are not general purpose antivirus software and will not prevent infection.