Category: Computers > Internet
Asked by: nan1dayx-ga
List Price: $5.00
31 Aug 2003 08:31 PDT
Expires: 30 Sep 2003 08:31 PDT
Question ID: 250755
I have been unable to run the Sobig removal tool on my computer through the complete process. I have tried this several ways: I have it downloaded on my desktop, have run it several times in regular mode, with NAV temporarily disabled, in safe mode, tried downloading the removal tool a second time doing the same things, tried disconnecting from the internet and also staying connected. My NAV says I do not have the virus but I am still receiving multiple emails periodically. This has not been as bad as last week when I received hundreds. I have only received about 50 in the past few days this time around. No one with Microsoft, my ISP or Symantec has been able to offer any suggestions. I will get to a certain point and the download stops and creates an error log. I have downloaded updates regularly, do virus scans regularly, downloaded the patch for the Blaster worm. Does anyone have a suggestion on how I can run this removal tool completely?
Re: Sobig Virus
Answered By: legolas-ga on 31 Aug 2003 09:08 PDT
Hi nan1dayx,

It sounds like you really DON'T have the virus. Rest assured, the emails that you are receiving are from OTHER PEOPLE who *ARE* infected with the virus: you are just the unlucky recipient of the emails. You have done everything I would have suggested to you to protect yourself--however, receiving the virus emails will NOT harm your system (as long as they are not opened/executed(!)). It is simply something that should be deleted from your inbox. Nothing more needs to be done other than what you are already doing (keeping updated with Symantec, Microsoft, etc).

Hope this puts your mind at rest! However, if you wish to double-check manually that the virus does not exist in your system, here are the technical details on the virus:

(All information from Symantec Anti-Virus Research Center at: http://email@example.com )

***

When W32.Sobig.F@mm is executed, it performs the following actions:

Copies itself as %Windir%\winppr32.exe.

NOTE: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

Creates the file, %Windir%\winstt32.dat.

Adds the value:
"TrayX"="%Windir%\winppr32.exe /sinc"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the worm runs when you start Windows.

Adds the value:
"TrayX"="%Windir%\winppr32.exe /sinc"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the worm runs when you start Windows.

Enumerates any network shares to which the infected computer has write access. The worm uses standard Windows APIs to do this.

NOTE: Due to a bug in the code, the worm does not copy over network shares.

***

Thanks,
Legolas-ga
rated this answer:
Your answer was complete as far as the virus is concerned and very thorough. I had done all of that research myself. My real concern was how to download the Removal Tool. I am assuming I cannot download it unless I have the virus, according to your answer. In any case, I continue to receive emails from someone who is infected which is basically just a pain in the neck. Hence, no solutions I know of other than continuing to delete, delete, delete. Thank you.
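The manual double-check described in the answer can be scripted. The following is an added example, not part of the original answer or of Symantec's write-up: a read-only PowerShell check for the two files and the "TrayX" Run values listed above. It assumes PowerShell is available on the machine; the variable names are illustrative.

```powershell
# Added example: read-only check for the W32.Sobig.F@mm artifacts quoted in the answer.
# Nothing is deleted or changed; the script only reports what it finds.

$findings = @()

# Files the worm creates in the Windows installation folder (%Windir%).
foreach ($name in 'winppr32.exe', 'winstt32.dat') {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path) {
        $findings += "File present: $path"
    }
}

# Autostart locations named in the answer (machine-wide and per-user Run keys).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Properties that the registry provider adds to every result; these are not Run values.
$providerMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }   # key missing or not readable

    foreach ($p in $props.PSObject.Properties) {
        if ($providerMeta -contains $p.Name) { continue }

        # Report the "TrayX" value, and any other Run value that launches winppr32.exe.
        if ($p.Name -eq 'TrayX' -or "$($p.Value)" -match 'winppr32\.exe') {
            $findings += "Run value present: $key\$($p.Name) = $($p.Value)"
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed Sobig.F artifacts were found.'
} else {
    $findings
}
```

An empty result only means that these specific artifacts are absent; it complements an up-to-date antivirus scan and does not replace one.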
There are no comments at this time.