View Full Version : NEW worm spreading fast - W32/Sobig-F
Marc Liron
December 5th 03, 12:48 PM
In case you are NOT already aware....
There is a new worm that has been spreading fast around
the Internet ALL day.
Called the Sobig Worm... This variant is a new strain and
had been labelled
W32/Sobig-F
It can allow files to be downloaded to your PC and
executed.
PLEASE do not open ANY attachment with an extension ending
in
..PIF or .SCR
There are even examples of this worm hiding inside .ZIP
files too.
For more information read:
http://www.updatexp.com/sobig-worm-f.html
Kind Regards
Marc Liron
www.updatexp.com
~~~~~~~~~~~~~~~~~~~~~~
The home of the talking XP
Newsletter!
~~~~~~~~~~~~~~~~~~~~~~
Robbo
December 5th 03, 12:48 PM
"Marc Liron" > wrote in message
...
>
> In case you are NOT already aware....
>
> There is a new worm that has been spreading fast around
> the Internet ALL day.
>
> Called the Sobig Worm... This variant is a new strain and
> had been labelled
> W32/Sobig-F
>
> It can allow files to be downloaded to your PC and
> executed.
>
> PLEASE do not open ANY attachment with an extension ending
> in
>
> .PIF or .SCR
>
> There are even examples of this worm hiding inside .ZIP
> files too.
>
> For more information read:
>
> http://www.updatexp.com/sobig-worm-f.html
>
>
> Kind Regards
>
> Marc Liron
> www.updatexp.com
> ~~~~~~~~~~~~~~~~~~~~~~
> The home of the talking XP
> Newsletter!
> ~~~~~~~~~~~~~~~~~~~~~~
>
Robbo
December 5th 03, 12:48 PM
Cheers Marc
"Robbo" > wrote in message
...
>
> "Marc Liron" > wrote in message
> ...
> >
> > In case you are NOT already aware....
> >
> > There is a new worm that has been spreading fast around
> > the Internet ALL day.
> >
> > Called the Sobig Worm... This variant is a new strain and
> > had been labelled
> > W32/Sobig-F
> >
> > It can allow files to be downloaded to your PC and
> > executed.
> >
> > PLEASE do not open ANY attachment with an extension ending
> > in
> >
> > .PIF or .SCR
> >
> > There are even examples of this worm hiding inside .ZIP
> > files too.
> >
> > For more information read:
> >
> > http://www.updatexp.com/sobig-worm-f.html
> >
> >
> > Kind Regards
> >
> > Marc Liron
> > www.updatexp.com
> > ~~~~~~~~~~~~~~~~~~~~~~
> > The home of the talking XP
> > Newsletter!
> > ~~~~~~~~~~~~~~~~~~~~~~
> >
>
>
Jim Eshelman
December 5th 03, 12:51 PM
Marc Liron wrote:
> There is a new worm that has been spreading fast around
> the Internet ALL day.
> Called the Sobig Worm... This variant is a new strain and
> had been labelled W32/Sobig-F
Update your virus checker and apply. If that isn't yet sufficient (depending
on what checker you use), here is a protocol for identifying, disabling, and
removing it:
IDENTIFY IT:
Search for DLLHOST.EXE. (It's on C:.) If it's about 5-6 KB in size, all is
well. If it's about 10,240 KB in size, it's the virus.
DISABLING IT:
From a command prompt, run these two commands:
NET STOP "Network Connections Sharing"
NET STOP "WINS Client"
(Each should confirm.)
REMOVING IT:
Reboot to terminate the service. Find this Registry key:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSetServices>
In the left panel, delete the subkeys:
RpcPatch
RpcTftpd
--
Jim Eshelman
MS-MVP, Windows Shell/User
http://aumha.org/
http://WinSupportCenter.com/
vBulletin® v3.6.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.