The Sobig or Sobig-A is a Win32 worm that creates a file called Winmgm32.Exe in the Windows subdirectory (folder). The worm spreads through network shares.
- Run REGEDIT and delete the following keys:
- Run Vbuster.Exe and use it to delete all occurances of the worm
- You should also use the "F1" and "S" function of Vbuster.Exe to search for and delete Reteral.Txt created by the worm although this is not absolutely neccessary.
- For Windows 2000, XP and NT, you will have to use Regedit to delete the following keys:
- HKU\(code number)\Software\Microsoft\Wireless\CurrentVersion\Run\WindowsMGM
for each user who has activated the worm