
Sobig Worm

Information about Sobig Worm:

I-Worm/Sobig spreads via e-mail on the Windows platform. It collects e-mail addresses stored in DBX, HTML, HTM, EML, TXT and WAB files and sends infected messages to them. The infected e-mail attachment will be Movie_0074.mpeg.pif, Untitled1.pif, Sample.pif or Document003.pif. The message body will be "Attached file:".

The subject of the infected mail will be one of the following:

Re: Document
Re: here is that sample
Re: Movies
Re: Sample
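The following mail-filter check is an added example, not part of the original analysis or of the Fire product. It matches the subjects, message body and attachment names listed above, and as a generalisation also flags any other .pif attachment. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above (compared case-insensitively).
SOBIG_ATTACHMENTS = {"movie_0074.mpeg.pif", "untitled1.pif",
                     "sample.pif", "document003.pif"}
SOBIG_SUBJECTS = {"re: document", "re: here is that sample",
                  "re: movies", "re: sample"}
SOBIG_BODY = "attached file:"

def sobig_indicators(raw_message: bytes) -> list[str]:
    """Return the Sobig e-mail indicators found in one RFC 822 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SOBIG_SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in SOBIG_ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            # Generalisation: .pif is executable on Windows, so flag any of them.
            hits.append("pif-attachment:" + name)
        if part.get_content_type() == "text/plain" and not name:
            if part.get_content().strip().lower().startswith(SOBIG_BODY):
                hits.append("body")
    return hits

def build_sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is harmless text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder, not malware",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    suspect = build_sample("Re: Movies", "Attached file:\n", "Movie_0074.mpeg.pif")
    print(sobig_indicators(suspect))
```

A message that matches on the attachment name alone is already worth quarantining; the subject and body matches are weak on their own because ordinary replies can share them.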

When the infected attachment is executed, the worm copies itself to the Windows folder as "Winmgm32.exe". The worm also creates a new value under the registry Run key so that it loads automatically at startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WindowsMGM=C:\%WINDOWS%\Winmgm32.exe

I-Worm/Sobig tries to download a backdoor program. It also tries to copy itself to the startup folders on shared network drives of remote machines, so that the infected files are executed automatically at the next startup. The startup folders are:

Documents and Settings\All Users\Start Menu\Programs\Startup
\Windows\All Users\Start Menu\Programs\StartUp

Sobig uses its own SMTP engine to mail infected messages. Sobig does not contain any destructive payload. This worm is also known as W32/Sobig-A, W32.Sobig.A@mm and WORM_SOBIG.A.

Removing Sobig worm from your computer:

Fire has added the Sobig worm to its signature file to protect Fire users from this worm. Fire anti-virus users can update the signature file by using the online update facility. It is available with the registered version of the Fire anti-virus kit.

A free download of the FireLite [ 1100 KB ] version is also available to detect the Sobig worm. The Fire anti-virus kit removes the Sobig worm without problems. If you find this worm, use the registered version of Fire to remove it. To get the registered version of Fire, call us at 044-28170440, mail service@fireav.com, or purchase Fire online using

[Analysis: Mr.Ramesh, Prognet Technologies Pvt. Ltd, Jan. 2003]
