The details of the email are

Sender: bill@microsoft.com <or any of the identified recipient addresses>

The subject can be:

• Re: Screensaver
• Re: Movie
• Re: Submited (004756-3463)
• Re: 45443-343556
• Re: Approved
• Approved
• Re: Your application
• Re: Application

The message body contains: Please see the attached file.

And the attachment is one of the following

• screensaver.scr
• movie.pif
• submited.pif
• 45443.pif
• documents.pif
• approved.pif
• application.pif
• document.pif

The worm also attempts to copy itself to the following folders on all the open network shares:

• \Windows\All Users\Start Menu\Programs\StartUp
• Documents and Settings\All Users\Start Menu\Programs\Startup

The worm stops spreading via network shares on June 8, 2003.

How to Clean/Delete the SoBig.C Worm?

Follow these steps in removing the SoBig.C worm.

1) Terminate the running program

• Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
• Locate the following program, click on it and End Task or End Process

       System MScvb or mscvb32.exe

• Close Task Manager

2) Remove the Registry entries

• Click on Start, Run, Regedit
• In the left panel go to

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run

• In the right panel, right-click and delete the following entry

System MScvb

Repeat this procedure for the following location

HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Run

• Close the Registry Editor

3) Delete the infected files

• Click Start, point to Find or Search, and then click Files or Folders.
• Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
• In the "Named" or "Search for..." box, type, or copy and paste, the file names:
  msddrr.dat
  mscvb32.exe
• Click Find Now or Search Now.
• Delete the displayed files.

4) Reboot the computer and run a thorough virus scan using your favorite antivirus program.

For Automatic Removal of the SoBig.C worm, click on the following link

Symantec SoBig.C Automatic Removal Program

Removal of Other SoBig worm viruses

SoBig.A
SoBig.B
SoBig.C
SoBig.D
SoBig.E
SoBig.F

Tools for Removing Spyware, Adware, and Malware

PC HELL
Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page

Free Spyware Scan!
Protect your PC against privacy threats with the award winning SpyEraser.
Get the latest and most powerful detection and removal technologies, including Live Guard real time online protection. Sophisticated scanning technologies and threat analysis tools even detect new variants of existing threats, as well as new ones, as they evolve. With its intelligent alert warning system and full quarantine, backup and restore features, SpyEraser is the best defense for protection against attack from malware pests.

Search PCHELL.COM

Return to PC Hell