NEW worm spreading fast - W32/Sobig-F

  • Thread starter Thread starter Marc Liron
  • Start date Start date
M

Marc Liron

In case you are NOT already aware....

There is a new worm that has been spreading fast around
the Internet ALL day.

Called the Sobig Worm... This variant is a new strain and
had been labelled
W32/Sobig-F

It can allow files to be downloaded to your PC and
executed.

PLEASE do not open ANY attachment with an extension ending
in

..PIF or .SCR

There are even examples of this worm hiding inside .ZIP
files too.

For more information read:

http://www.updatexp.com/sobig-worm-f.html


Kind Regards

Marc Liron
www.updatexp.com
~~~~~~~~~~~~~~~~~~~~~~
The home of the talking XP
Newsletter!
~~~~~~~~~~~~~~~~~~~~~~
 
Marc Liron said:
In case you are NOT already aware....

There is a new worm that has been spreading fast around
the Internet ALL day.

Called the Sobig Worm... This variant is a new strain and
had been labelled
W32/Sobig-F

It can allow files to be downloaded to your PC and
executed.

PLEASE do not open ANY attachment with an extension ending
in

.PIF or .SCR

There are even examples of this worm hiding inside .ZIP
files too.

For more information read:

http://www.updatexp.com/sobig-worm-f.html


Kind Regards

Marc Liron
www.updatexp.com
~~~~~~~~~~~~~~~~~~~~~~
The home of the talking XP
Newsletter!
~~~~~~~~~~~~~~~~~~~~~~
 
Marc said:
There is a new worm that has been spreading fast around
the Internet ALL day.
Called the Sobig Worm... This variant is a new strain and
had been labelled W32/Sobig-F

Update your virus checker and apply. If that isn't yet sufficient (depending
on what checker you use), here is a protocol for identifying, disabling, and
removing it:

IDENTIFY IT:
Search for DLLHOST.EXE. (It's on C:.) If it's about 5-6 KB in size, all is
well. If it's about 10,240 KB in size, it's the virus.

DISABLING IT:
From a command prompt, run these two commands:
NET STOP "Network Connections Sharing"
NET STOP "WINS Client"
(Each should confirm.)

REMOVING IT:
Reboot to terminate the service. Find this Registry key:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSetServices>
In the left panel, delete the subkeys:
RpcPatch
RpcTftpd
 
Back
Top