Sobig E warning
There appears to be a mutation and an increased number of reports of the
Sobig E virus/worm. Supposedly the worm should have deactivated on July 16th,
and Symantec then downgraded the risk. The first you know is when you get an
error app_bk_038 pop up on screen. The Sobig removal tools on Symantec and
other sites only partially remove this worm and leave 2 of the 3 mutations
untouched. The Symantec site only gives partially correct advice on removing
it. These are the registry keys that contain the worm:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: [Cgtask Services] C:\WINDOWS\System32\cgtask.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: [MMtask Service] mmtask.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: [SSK Service] C:\WINDOWS\system32\winssk32.exe
The removal tool only removes the winssk32.exe entries and files. You need
to manually remove the rest. Of course, if you are running an up-to-date
antivirus program, you shouldn't be infected in the first place. The
speculation is that the worm has been on the systems all the time,
connecting to a remote host, and the so-called deactivation only affects the
ability to connect, and hence the error is generated because the files
remain active, but the server that the worm reports to is deactivated.
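
An added example, not part of the original post or any vendor tool: a
report-only PowerShell check for the three Run entries listed above, together
with their files and processes, so you can see what a removal tool left
behind. It assumes all three files sit in System32 (the post gives no path
for mmtask.exe); the variable names are illustrative.

```powershell
# Added example: report-only audit for the three Run entries named in the post.
# It changes nothing; removal remains a manual step.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Assumption: all three files are in System32 (no path is given for mmtask.exe).
$sys32 = Join-Path $env:SystemRoot 'System32'

# Value names and file names exactly as listed in the post.
$indicators = @(
    [pscustomobject]@{ ValueName = 'Cgtask Services'; File = 'cgtask.exe'   }
    [pscustomobject]@{ ValueName = 'MMtask Service';  File = 'mmtask.exe'   }
    [pscustomobject]@{ ValueName = 'SSK Service';     File = 'winssk32.exe' }
)

$run = Get-ItemProperty -Path $runKey -ErrorAction Stop

$report = foreach ($i in $indicators) {
    $data = $run.($i.ValueName)    # $null when the Run value is absent
    $path = Join-Path $sys32 $i.File
    $procName = [IO.Path]::GetFileNameWithoutExtension($i.File)
    $proc = Get-Process -Name $procName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ValueName  = $i.ValueName
        RunEntry   = ($null -ne $data)
        RunData    = $data
        FileOnDisk = Test-Path -LiteralPath $path
        Running    = [bool]$proc
    }
}

$report | Format-Table -AutoSize

# Anything still present after a removal tool has run needs manual cleanup.
$left = $report | Where-Object { $_.RunEntry -or $_.FileOnDisk -or $_.Running }
if ($left) {
    Write-Warning ("Still present: " + (($left.ValueName) -join ', '))
} else {
    Write-Output 'None of the three entries, files or processes were found.'
}
```

Run it from an elevated prompt before and after using a removal tool to
compare what was actually cleaned.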