SoBig.B Worm Virus Information and Removal Help

What is Palyh worm (AKA SoBig.B Worm) and How Did I Get It?
The SoBig worm spreads through email attachments and shared network folders. It sends copies of itself via is own SMTP engine and obtains the recipient addresses from information found in files with the following extensions:
  • .wab
  • .dbx
  • .htm
  • .html
  • .eml
  • .txt

The details of the email are


The subject can be:

  • Approved (Ref: 38446-263)
  • Cool screensaver
  • Re: Approved (Ref: 3394-65467)
  • Re: Movie
  • Re: My application
  • Re: My details
  • Screensaver
  • Your details
  • Your password

And the attachment is one of the following

  • application.pif
  • approved.pif
  • doc_details.pif
  • movie28.pif
  • password.pif
  • ref-394755.pif
  • screen_doc.pif
  • screen_temp.pif
  • your_details.pif

The worm also attempts to copy itself to the following folders on all the open network shares:

  • \Windows\All Users\Start Menu\Programs\StartUp
  • Documents and Settings\All Users\Start Menu\Programs\Startup

The worm attempts to download data from Web pages. The worm deactivates on May 31, 2003, and therefore, the last day on which the worm will spread is May 30, 2003.

How to Clean/Delete the SoBig.B or Palyh Worm?

Follow these steps in removing the Palyh worm.

1) Terminate the running program

  • Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
  • Locate the following program, click on it and End Task or End Process

       System Tray or MSCCN32.EXE

  • Close Task Manager

2) Remove the Registry entries

  • Click on Start, Run, Regedit
  • In the left panel go to

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run

  • In the right panel, right-click and delete the following entry


Repeat this procedure for the following location

HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Run

  • Close the Registry Editor

3) Delete the infected files

  • Click Start, point to Find or Search, and then click Files or Folders.
  • Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
  • In the "Named" or "Search for..." box, type, or copy and paste, the file names:
  • Click Find Now or Search Now.
  • Delete the displayed files.

4) Reboot the computer and run a thorough virus scan using your favorite antivirus program.

For Automatic Removal of the SoBig.B or Palyh worm, click on the following link

Symantec SoBig.B Automatic Removal Program

Removal of Other SoBig worm viruses


space.gif (58 bytes)


site search by freefind advanced


Tools for Removing Spyware, Adware, and Malware

Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

Uninstall Panda Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page


iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad

Download Hoyle Games
including Casino 3D, Card, Board, and Solitaire games.

Written by Mark Hasting

Recommended Software for PC Hell Visitors
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
iolo System Mechanic® - Fix, Speed Up Your PC
iolo System Mechanic®
Emsisoft Anti Malware
Emsisoft Anti Malware
space.gif (58 bytes)


Return to PC Hell
Return to PC Hell