The worm behaves as follows:

  1. Removes the user's Folder Options
  2. Removes the Task Manager option
  3. Uses the user's messenger, communicator and e-mail contacts to send messages to outside recipients
  4. Changes the user's default Internet Explorer home page to http://h1.ripway.com/poojasharma/index.html
  5. Creates an xxx.exe folder for each file and folder name:

       i. Folder name: sales, created folder as sales.exe
      ii. File name: purchase, created folder as purchase.exe
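To check a drive or share for the naming pattern in item 5, the sketch below (an added example, not part of the original post) lists every entry named `<name>.exe` that sits next to a folder or file called `<name>`. The function names and the sample tree are constructed for illustration, and the check flags the entry whether it is a file or a folder.

```python
import os
import tempfile
from pathlib import Path


def find_exe_lookalikes(root):
    """Return sorted (lookalike_path, imitated_name) pairs found under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = dirnames + filenames
        # Names a lookalike could copy: folder names as-is, file names
        # with and without their extension.
        originals = {}
        for name in entries:
            if name.lower().endswith(".exe"):
                continue
            originals.setdefault(name.lower(), name)
            originals.setdefault(Path(name).stem.lower(), name)
        for name in entries:
            if name.lower().endswith(".exe") and name[:-4].lower() in originals:
                hits.append((os.path.join(dirpath, name),
                             originals[name[:-4].lower()]))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout using the two names from the list above."""
    root = Path(root)
    (root / "sales").mkdir()
    (root / "sales.exe").mkdir()               # lookalike of the sales folder
    (root / "purchase.txt").write_text("constructed sample")
    (root / "purchase.exe").write_bytes(b"constructed sample")
    (root / "tool.exe").write_bytes(b"constructed sample")  # no sibling "tool"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, original in find_exe_lookalikes(tmp):
            print(f"{path}  <- shares its name with {original!r}")
```

A match is a candidate for review rather than a verdict, since legitimate software can also place `app.exe` beside `app.ini` or similar.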


To clean the worm manually, use:


1. Kaspersky Virus Removal Tool

2. ComboFix



It had been identified by 2007. Vendors detect it as:

Kaspersky – IM-Worm.Win32.Sohanad.gen

Trend – WORM_SOHANAD.JJ
