Win32:Sobig

is a network worm which sends itself to all email addresses, which it finds in the txt, eml, html, htm, dbx and wab files. It uses on of the following subjects:
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample

... and one the following attachment names:
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif

When executed, it stores itself in the Windows folder under the name winmgm32.exe and creates the following registry key to be executed on every Windows start up:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ WindowsMGM

Then it tries to copy itself into the following folders on the all accessible shared remote disks:
Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup

It also tries to contact one site on the Geocities server and to get the address from which it then tries to download and execute one Trojan Horse.

Removal:
To remove this virus please use free avast! Virus Cleaner.

Any avast! with VPS file dated on or after 10th January 2003 is able to detect this worm.