VIRUS COMPANY iDefense said that the SoBig virus has started to proliferate again.
The virus installs a copy of itself in the Windows directory as a file called winppr32.exe, and then the registry is changed so that the worm executes at startup. The file size, said iDefense, varies in order to attempt to thwart anti-viral software, and typically comes as an attachment with email subject headings such as Re: Details, Re: Approved, Re: Re: My details, Re: That movie, Re: Thank you!, Re: Your application, Re: Wicked screensaver, Thank you!, Your details.

Source: http://www.theinquirer.net/?article=11115 |
Yup.. I was just looking at this; it also drops WINSTT32.dat in the winnt folder. It's a configuration file, along with the following registry keys to hook up the system.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TrayX" = C:\WINNT\WINPPR32.EXE /sinc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"TrayX" = C:\WINNT\WINPPR32.EXE /sinc

http://vil.nai.com/vil/content/v_100561.htm

The latest stinger that was posted today should have the remedy for it ;) You could get this from the link below.
http://vil.nai.com/vil/stinger/ |
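An added example, not part of the thread or of any vendor tool: a Python check that scans the text of a `reg export` for the Run entries posted above, matching on either the "TrayX" value name or a command line that references winppr32.exe. It assumes the export has already been decoded to text and only handles string values; the sample export, including the `HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings` key, is constructed.

```python
import re

# Indicators taken from the thread above: Run value name and dropped file name.
RUN_VALUE_NAME = "trayx"
DROPPED_EXE = "winppr32.exe"
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Constructed sample of `reg export` text (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX"="C:\\WINNT\\WINPPR32.EXE /sinc"
"SoundMan"="C:\\WINNT\\soundman.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trayx"="c:\\winnt\\winppr32.exe /sinc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"TrayX"="unrelated value outside a Run key"
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(text):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_sobig_run_entries(export_text):
    """Return (key, value name, data) for Run entries matching the indicators."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        value = VALUE_RE.match(line)
        if not value or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        name, data = unescape(value.group("name")), unescape(value.group("data"))
        # Match on either indicator: the value may be renamed, or point elsewhere.
        if name.lower() == RUN_VALUE_NAME or DROPPED_EXE in data.lower():
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_sobig_run_entries(SAMPLE_EXPORT):
        print(f"{key}: {name} = {data}")
```

The comparison is case-insensitive because registry value names and Windows paths are, and the value outside a Run key is ignored even though it reuses the name.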
Yep, just got one of those today. As usual, NAV caught it and "de-rezzed" it. (Apologies to Tron!) Amazing that people still open attachments from total strangers. How many times do you have to pound it into these idiots' heads?
Ranting finished! Thank You. |
I will take care ;)
Thanks for this precious information :lol: |
Just in case, here's the removal tool,
And I hope it's not needed. or, http://securityresponse.symantec.com...r/FixSbigF.exe |
thx a lot User