Free hard drive encryption - Download a trial of SafeGuard Easy

Resolve: virus disinfection tools

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

Resolve tools for numerous virus families are linked to from the table below.

Note: When disinfecting variants not listed below, use the recovery instructions in the appropriate virus analysis.

Resolve tools come in two versions, a Windows disinfector and a command line disinfector. The first few letters of the tool name indicate the family of viruses it disinfects (replaced below by *****).

Windows disinfector

The Windows disinfector, *****GUI is for standalone Windows computers. To use it:

open the tool
run it
then click GO.

To disinfect several computers: download the tool, save it to floppy disk, write-protect the floppy disk and run it from there.

Command line disinfector

The command line tool *****SFX.EXE is a self-extracting archive containing *****CLI, a Resolve command line disinfector for use by system administrators on Windows networks. The self-extracting file includes notes on running the program, and on using it for disinfecting a network.

Resolve tools

Virus disinfector	Variants covered
Agent AGENTCLI	Troj/Agent-L, Troj/Agent-GB
Agobot AGOBTGUI and AGOBTCLI	W32/Agobot-BT, W32/Agobot-HD, W32/Agobot-HH, W32/Agobot-HL, W32/Agobot-HS, W32/Agobot-IJ, W32/Agobot-IK, W32/Agobot-LG, W32/Agobot-LT, W32/Agobot-MR, W32/Agobot-MW, W32/Agobot-NA, W32/Agobot-NZ, W32/Agobot-OT, W32/Agobot-OU, W32/Agobot-QF, W32/Agobot-QO, W32/Agobot-RB, W32/Agobot-RV, W32/Agobot-SX, W32/Agobot-VB, W32/Agobot-SL, W32/Agobot-TY, W32/Agobot-ZF
Anig ANIGGUI and ANIGCLI	W32/Anig-A, W32/Anig-C
Apribot APRIBGUI and APRIBCLI	W32/Apribot-C
Avril AVRILGUI and AVRILCLI	W32/Avril-A, W32/Avril-B, W32/Avril-C
Badtrans BADTRGUI and BADTRCLI	W32/Badtrans-A and Troj/Keylog-C W32/Badtrans-B and Troj/PWS-AV
Bagle BAGLEGUI and BAGLECLI	W32/Bagle-A, W32/Bagle-C, W32/Bagle-D, W32/Bagle-E, W32/Bagle-F, W32/Bagle-G, W32/Bagle-H, W32/Bagle-I, W32/Bagle-J, W32/Bagle-K, W32/Bagle-N, W32/Bagle-Q, W32/Bagle-R, W32/Bagle-U, W32/Bagle-AA, W32/Bagle-AF, W32/Bagle-AG, W32/Bagle-AI, W32/Bagle-AN, W32/Bagle-AQ, W32/Bagle-AU, W32/Bagle-AZ, W32/Bagle-BW
Bagledl BAGDLGUI and BAGDLCLI	Troj/BagleDl-AB
Bagledlaa BDLAAGUI and BDLAACLI	Troj/BagleDl-AA
Banker BANKRGUI and BANKRCLI	Troj/Banker-R
Blaster BLASTGUI and BLASTCLI	W32/Blaster-A
Bobandy BOBANGUI and BOBANCLI	W32/Bobandy-C
Bobax BOBAXGUI and BOBAXCLI	W32/Bobax-D
Bofra BOFRAGUI and BOFRACLI	W32/Bofra-A, W32/Bofra-B, W32/Bofra-C
Brontok BRONTGUI and BRONTCLI	W32/Brontok-A, W32/Brontok-AJ, W32/Brontok-K
Bugbear-B BUGBEGUI and BUGBECLI	W32/Bugbear-B
CoreFloo-C CORFCGUI and CORFCCLI	Troj/CoreFloo-C
CoreFloo-D CORFDGUI and CORFDCLI	Troj/CoreFloo-D (Windows NT, 2000, XP and 2003 only)
Cuebot CUEBTGUI and CUEBTCLI	W32/Cuebot-D, W32/Cuebot-L, W32/Cuebot-M and W32/Hwbot-B
Deborm DEBORGUI and DEBORCLI	W32/Deborm-R
Delbot DELBTGUI and DELBTCLI	W32/Delbot-AD
Delf DELFAGUI and DELFACLI	Troj/Delf-ALI
Dloader DLOADGUI and CLOADCLI	Troj/Dloader-ML
Dloader-AKL DLAKLGUI and DLAKLCLI	Troj/Dloader-AKL
Downld DLAPPGUI and DLAPPCLI	Troj/DownLd-AAP
Donk DONKDGUI and DONKDCLI	W32/Donk-D
Dumaru DUMARGUI and DUMARCLI	W32/Dumaru-AK and Troj/Dumaru-B
Enfal ENFALGUI and ENFALCLI	Troj/Enfal-A and Troj/Enfal-B
Esbot ESBOTGUI and ESBOTCLI	W32/Esbot-B and Troj/Rootkit-AA
Eyeveg EYEVGGUI and EYEVGCLI	W32/Eyeveg-G
Fizzer-A FIZZEGUI and FIZZECLI	W32/Fizzer-A
Forbot FORBTGUI and FORBTCLI	W32/Forbot-E, W32/Forbot-G, W32/Forbot-S, W32/Forbot-W, W32/Forbot-AO, W32/Forbot-BF, W32/Forbot-BN, W32/Forbot-BP, W32/Forbot-CB, W32/Forbot-CG, W32/Forbot-DC, W32/Forbot-EJ, W32/Forbot-FE
Frethem FRETHGUI and FRETHCLI	W32/Frethem-A, W32/Frethem-B, W32/Frethem-C, W32/Frethem-D, W32/Frethem-E, W32/Frethem-F, W32/Frethem-Fam, W32/Frethem-G, W32/Frethem-H, W32/Frethem-I, W32/Frethem-J, W32/Frethem-K1, W32/Frethem-K2, W32/Frethem-L, W32/Frethem-M, W32/Frethem-N, W32/Frethem-P, W32/Frethem-Q, W32/Frethem-R, W32/Frethem-S, W32/Frethem-T
Gibe-F GIBEFGUI and GIBEFCLI	W32/Gibe-F
Jeefo JEEFOGUI and JEEFOCLI	W32/Jeefo-A
Korgo KORGOGUI and KORGOCLI	W32/Korgo-H, W32/Korgo-L, W32/Korgo-M, W32/Korgo-P, W32/Korgo-R, W32/Korgo-T
Lebreat LEBREGUI and LEBRECLI	W32/Lebreat-C, W32/Lebreat-F
LegMir LEGMRGUI and LEGMRCLI	W32/LegMir-AD
Looked LOOKDGUI and LOOKDCLI	W32/Looked-AB, W32/Looked-AF
Lovgate LOVGTGUI and LOVGTCLI	W32/Lovgate-A, W32/Lovgate-B, W32/Lovgate-C, W32/Lovgate-D, W32/Lovgate-E, W32/Lovgate-I, W32/Lovgate-J, W32/Lovgate-K, W32/Lovgate-L, W32/Lovgate-M, W32/Lovgate-N, W32/Lovgate-O
Lovgate-F LOVGFGUI and LOVGFCLI	W32/Lovgate-F
Lovgate-Z LOVGZGUI and LOVGZCLI	W32/Lovgate-Z
Mimail MIMAIGUI and MIMAICLI	W32/Mimail-A, W32/Mimail-B, W32/Mimail-C, W32/Mimail-D, W32/Mimail-E, W32/Mimail-F, W32/Mimail-H, W32/Mimail-I, W32/Mimail-J, W32/Mimail-K
Mofei MOFEIGUI and MOFEICLI	W32/Mofei-A, W32/Mofei-E
MyDoom MYDOOGUI and MYDOOCLI	W32/MyDoom-A, W32/MyDoom-B, W32/MyDoom-F, W32/MyDoom-N, W32/MyDoom-O, W32/MyDoom-S, W32/MyDoom-AJ, Troj/Bdoor-CHR
Mytob MYTOBGUI and MYTOBCLI	W32/Mytob-D, W32/Mytob-E, W32/Mytob-K, W32/Mytob-M, W32/Mytob-Y, W32/Mytob-Z, W32/Mytob-AP, W32/Mytob-AQ, W32/Mytob-CP, W32/Mytob-GH
Nachi NACHIGUI and NACHICLI	W32/Nachi-A, W32/Nachi-B
Nanpy NANPYGUI and NANPYCLI	W32/Nanpy-E, W32/Nanpy-I and W32/Kassbot-J
Narcha NARCHGUI and NARCHCLI	W32/Narcha-A
Netsky NTSKYGUI and NTSKYCLI	W32/Netsky-B, W32/Netsky-C, W32/Netsky-D, W32/Netsky-E, W32/Netsky-F, W32/Netsky-G, W32/Netsky-H, W32/Netsky-I, W32/Netsky-J, W32/Netsky-P, W32/Netsky-Q, W32/Netsky-Z, W32/Netsky-AE
Nyxem NYXEMGUI and NYXEMCLI	W32/Nyxem-C
Opaserv OPASEGUI and OPASECLI	W32/Opaserv-A, W32/Opaserv-B, W32/Opaserv-C, W32/Opaserv-D, W32/Opaserv-E, W32/Opaserv-F, W32/Opaserv-Fam, W32/Opaserv-G, W32/Opaserv-H, W32/Opaserv-I, W32/Opaserv-J, W32/Opaserv-K, W32/Opaserv-L, W32/Opaserv-V
Rbot RBOTGUI and RBOTCLI	W32/Rbot-I, W32/Rbot-R, W32/Rbot-AD, W32/Rbot-DT, W32/Rbot-EK, W32/Rbot-ET, W32/Rbot-FA, W32/Rbot-FH, W32/Rbot-FT, W32/Rbot-HD, W32/Rbot-HN, W32/Rbot-IC, W32/Rbot-IG, W32/Rbot-IR, W32/Rbot-IU, W32/Rbot-NA, W32/Rbot-NZ, W32/Rbot-PR, W32/Rbot-QH, W32/Rbot-QP, W32/Rbot-RD, W32/Rbot-SQ, W32/Rbot-TB, W32/Rbot-UE, W32/Rbot-XW, W32/Rbot-YA, W32/Rbot-AAY, W32/Rbot-AHT, W32/Rbot-AMN, W32/Rbot-AMP, W32/Rbot-AMT, W32/Rbot-AMU, W32/Rbot-AMY, W32/Rbot-ANG, W32/Rbot-APJ, W32/Rbot-APX, W32/Rbot-AQT, W32/Rbot-ASS, W32/Rbot-ASZ, W32/Rbot-AUF, W32/Rbot-AXJ, W32Rbot-DOQ, W32Rbot-FLP, W32Rbot-FMZ, W32Rbot-FON
Rbot-BAA RBBAAGUI and RBBAACLI	W32/Rbot-BAA
Rdoor RDOORGUI and RDOORCLI	W32/Ritdoor-B
RKProc RKPRFGUI and RKPRFCLI	Troj/RKProc-Fam and Troj/Stinx-E, Troj/Stinx-F
Sasser SASSGUI and SASSCLI	W32/Sasser-A, W32/Sasser-B, W32/Sasser-D, W32/Sasser-E
Sdbot SDBOTGUI and SDBOTCLI	W32/Sdbot-H, W32/Sdbot-L, W32/Sdbot-DP, Troj/Sdbot-GG, W32/Sdbot-HP, W32/Sdbot-IU, W32/Sdbot-KF, W32/Sdbot-OV, W32/Sdbot-QC, W32/Sdbot-RY, W32/Sdbot-TW, W32/Sdbot-XC, W32/Sdbot-YI, W32/Sdbot-ZE, W32/Sdbot-ACG, W32/Sdbot-ACK, W32/Sdbot-ADC, W32/Sdbot-AJQ, W32/Sdbot-CAF, W32/Sdbot-CZO, W32/Sdbot-DDS
Sober SOBRGUI and SOBRCLI	W32/Sober-A, W32/Sober-B, W32/Sober-C, W32/Sober-I, W32/Sober-V, W32/Sober-Z
Sobig SOBIGGUI and SOBIGCLI	W32/Sobig-A, W32/Sobig-B, W32/Sobig-C, W32/Sobig-D, W32/Sobig-E, W32/Sobig-F
Startpa STPAZGUI and STPAZCLI	Troj/Startpa-I, Troj/Startpa-Z (Windows NT, 2000, XP and 2003 only)
Sumom SUMOMGUI and SUMOMCLI	W32/Sumom-C
Surila SURILGUI and SURILCLI	Troj/Surila-E
Tilebot TILBTGUI and TILBTCLI	W32/Tilebot-F, W32/Tilebot-GM, W32/Tilebot-GW, W32/Tilebot-IE
Tilebotw TLBTWGUI and TLBTWCLI	W32/Tilebot-S, W32/Tilebot-W, W32/Tilebot-AA, W32/Tilebot-BY, W32/Tilebot-DK, W32/Tilebot-GS and Troj/RKFu-A
Vanebot VANBTGUI and VANBTCLI	W32/Vanebot-A and W32/Vanebot-B
Yaha YAHAGUI and YAHACLI	W32/Yaha-A, W32/Yaha-B, W32/Yaha-C, W32/Yaha-D, W32/Yaha-E, W32/Yaha-F, W32/Yaha-J, W32/Yaha-K, W32/Yaha-L, W32/Yaha-M, W32/Yaha-P, W32/Yaha-Q, W32/Yaha-R, W32/Yaha-Y, W32/Yaha-X
Zafi ZAFIGUI and ZAFICLI	W32/Zafi-B, W32/Zafi-D
Zotob ZOTOBGUI and ZOTOBCLI	W32/Zotob-A, W32/Zotob-B, W32/Zotob-H

Tools (including Resolve tools) and disinfection instructions for some other viruses are linked to from the virus disinfection instructions page.

If you need more information or guidance, then please contact technical support.

Article ID: 12084
Created: 20 Oct 2004
Last updated: 7 Oct 2008

Free hard drive encryption
Download a trial of SafeGuard Easy

Protect sensitive data from unauthorized use
Encrypt data, hard drives and removable media
Work uninterrupted with encryption on demand

Online support

Product maintenance

Contact support

Support services

Resolve: virus disinfection tools

Windows disinfector

Command line disinfector

Resolve tools

In this section

Online support

Product maintenance

Contact support

Support services

Resolve: virus disinfection tools

Windows disinfector

Command line disinfector

Resolve tools