WORM SOBIG.F
There are several variants of the Sobig worm / virus, the most prevalent of which is Sobig.F.  Once the worm infects a computer, it searches for email addresses and then sends itself to every address it finds.  The "From:" address is usually replaced with an address extracted from the victim machine, so the apparent sender is most likely not the infected user.

Common "Subject:" fields include:

  • Re: Details
  • Re: Approved
  • Re: Re: My details
  • Re: Thank you!
  • Re: That movie
  • Re: Wicked screensaver
  • Re: Your application
  • Thank you!
  • Your details
  • Use this patch immediately

The message is usually along the lines:

  • See the attached file for details
  • Please see the attached for details
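
The subject and body strings above can be turned into a mail-triage check. The following is an added example, not code from the original page or from any vendor: the function names, the sample addresses, the placeholder attachment name and the rule "quarantine only when subject, body and attachment all match" are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and body phrases listed on this page for Sobig.F mail.
SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details", "use this patch immediately",
}
BODY_PHRASES = (
    "see the attached file for details",
    "please see the attached for details",
)

def triage(raw_message: bytes) -> dict:
    """Report which of the page's mail indicators a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # Collapse whitespace and case so "RE:  Details " still matches.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    attachments = list(msg.iter_attachments())
    hits = {
        "subject": subject in SUBJECTS,
        "body": any(phrase in body for phrase in BODY_PHRASES),
        "attachment": bool(attachments),
    }
    # From: is deliberately ignored: the page notes it is usually spoofed.
    # Assumed policy: quarantine only when all three indicators agree.
    hits["quarantine"] = all(hits.values())
    return hits

def build_sample(subject: str, body: str, attachment: bool) -> bytes:
    """Constructed sample mail (not a captured message) for triage()."""
    m = EmailMessage()
    m["From"] = "someone@example.com"   # constructed address
    m["To"] = "user@example.org"        # constructed address
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        # Placeholder name; the page does not list attachment file names.
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="attachment.bin")
    return m.as_bytes()
```

Because the page describes these subjects and phrases only as common, a match is a reason to hold the message for scanning, not proof of infection.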

Sobig.F can download arbitrary files to an infected computer and execute them. The author of the worm has used this functionality to steal confidential system information and to set up spam relay servers to porn sites on infected computers.

The worm includes a self-update feature that lets it contact one of a list of master servers controlled by the worm's author. From that server the worm retrieves a URL that tells it where to get the Trojan file, downloads the Trojan file to the infected computer, and then executes it.

The Sobig.F virus will also disable most antivirus software and prevent the infected PC from downloading new or updated programs.  The programs Sobig.F is known to disable are:

PCCIOMON, PCCMAIN, POP3TRAP, WEBTRAP, AVCONSOL, AVSYNMGR, VSHWIN32, VSSTAT, NAVAPW32, NAVW32, NMAIN, LUALL, LUCOMSERVER, IAMAPP, ATRACK, NISSERV, RESCUE32, SYMPROXYSVC, NISUM, NAVAPSVC, NAVLU32, NAVRUNR, NAVWNT, PVIEW95, F-STOPW, F-PROT95, PCCWIN98, IOMON98, FP-WIN, NVC95, NORTON, MCAFEE, ANTIVIR, WEBSCANX, SAFEWEB, ICMON, CFINET, CFINET32, AVP.EXE, LOCKDOWN2000, AVP32, ZONEALARM.

 

Symptoms of Sobig.F infection:
  • Existence of the WINPPR32.EXE file in Windows directory
  • Existence of WinPPR32.exe as a running process (in the Task Manager when you hit Ctrl+Alt+Del)
  • Unexpected NTP traffic to remote servers which slows down Internet connection

 

The Sobig.F worm / virus is also known as:

W32/Sobig.f@MM, WORM SOBIG.F, W32/Sobig-F, Win32.Sobig.F, I-Worm.Sobig.f, Worm_Sobig.f, W32.Sobig.F@mm, Sobig.F Virus

 

The Sobig.F Remover will detect and remove the Sobig.F worm / virus from any infected PC.  The Sobig.F Remover comes with technical support from PC S.O.S. Experts and a 100% money back guarantee.  Download the Sobig.F Remover here.


PC S.O.S.
Copyright © 1995 - 2012. All rights reserved.