The virus infects Win32 PE. Sobig is a family of mass-mailing worms that target PCs running certain versions of Microsoft Windows. The worm sends itself to email addresses that it finds on the infected PC. The worm may also spread to writeable network shares. Also detected as: Win Sobig CA ,I-Worm.
Sobig Global Hauri. The worm spreads through email, newsgroups, writeable network shares, Internet relay chat channels, and peer-to-peer file-sharing programs. It also spreads by exploiting various Windows vulnerabilities. The worm has a backdoor component that connects to an IRC server and joins a specific channel to receive commands from attackers. These worms can also spread using backdoors opened by other malicious software.
The worm tries to download and apply security updates; some variants try to remove other malicious software that may be on the infected computer. Some variants replace Web pages stored on the computer with their own Web page.
Welchia Symantec ,Win Nachi CA. The Trojan opens a backdoor that allows an attacker to control the computer remotely. It may also arrive as an email file EML file that contains the malware executable in Base format. In this form, this file infector executes when the malicious EML file is opened. Once opened, it searches for. HTM or. Once found, it drops a copy of the.
EML file into the folder where the infected. HTML file is found. Adds a script line to the infected HTML file to execute the embedded malicious. This action guarantees continuous infection and increases security risk of the infected system. Note: Please skip this step if the threat s listed below have already been removed.
Classification Category :. Type :. Aliases :. Automatic action Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it. Manual removal Disinfection of this virus should be done as follows: Disable network sharing or disconnect from the network Set real-time scanner on-access scanner action to 'Disinfect Automatically' Scan ALL files not just selected ones on all hard drives Disinfect all infected files, delete all files that can't be disinfected Restart the computer Scan all files again to ensure that no more infected files are left Disinfect all other computers on the network before enabling sharing or connecting the network Please make sure that the computer is disconnected from the network while disinfection is done and that all computers in the same network are disinfected.
Suspect a file is incorrectly detected a False Positive? If you wish, you may also: Check for the latest database updates First check if your F-Secure security program is using the latest detection database updates , then try scanning the file again. Submit a sample After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Exclude a file from further scanning If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product. For more Support Community Find the latest advice in our Community. User Guide See the user guide for your product on the Help Center. Contact Support Chat with or call an expert for help.
0コメント