W32/Sobig.F@mm
| W32/Sobig.F@mm |
Destructivity:  Spreading: Overall risk: 
|
| • Detected by virus detection files published: 8/19/2003 | • Type: Worm |
| • Virus characteristics first published: 8/19/2003 | • Spreading mechanism: Email |
| • Virus characteristics latest update: 6/18/2004 | • Overall risk: High |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
Email characteristics:
Possible subject lines: Re: Thank you! Thank you! Your details Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie Possible body text: See the attached file for details Please see the attached file for details. Possible attachment names: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif When run, it will copy itself to the Windows directory under the name winppr32.exe. It creates the registry keys HKLM\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc". HKCU\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc". This enables it to run from startup. |
||||||||||||||