Home>Tips
& Articles>Remove
Worms & Virus>
Remove Worm.Mimail.F
About Mimail.F
Mimail.F is a worm which spreads via email and infects systems with
a zipped attachment in an email.
Remove this worm virus using McAfee Virus Scan 2004!
The emails sent by the worm seems like this:
From: john@<your domain>
Subject: don't be late!<30 spaces><random
characters>
Message:
Will meet tonight as we agreed, because on Wednesday I don't think I'll
make it,
so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.
<random characters>
Attached file:readnow.zip
Readnow.zip is a compressed file which contains an executable file
named readnow.doc.scr. The worm also creates a copy of itself named
exe.tmp and a copy of readnow.zip named zip.tmp, both in the Windows
folder.
The worm looks for email addresses in files on the local drive. It
attempts to exclude the following extensions from its search:
AVI, BMP, CAB, COM, DLL, EXE, GIF, JPG, MP3, MPG, OCX, PDF, PSD,RAR,
TIF, VXD, WAV,ZIP
The worm also attempts to launch a denial of service attack against
the websites mysupersales.com and www.mysupersales.com.
How to Remove Mimail.F?
Follow these steps to remove the MiMail.F worm.
1) Turn off System Restore functions for Windows Me,Windows
XP and Windows 2003 system.
2) End the running program or reboot your system to enter into Safe
mode.
Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x
machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP
machines.
Locate the program named CNFRM32 , click on it and
End Task or End Process
3) Remove the Registry entries
Click on Start|Run|Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run
In the right panel, right-click and delete the following entry
"CNFRM32" = C:\Windows\cnfrm.exe
Close the Registry Editor
4) Delete the infected files
Open your Windows folder ( such as c:\Windows, C:WINNT ), find the following
files and delete them:
cnfrm.exe, eml.tmp, zip.tmp, exe.tmp
5) Reboot the computer and run a thorough virus scan using your favorite
antivirus program.
Remove other worms & virus:
