Home>Tips
& Articles>Remove
Worms & Virus>
Remove Worm.Mimail.G
About Mimail.E
Mimail.G is a worm which spreads via email using addresses harvested
from the hard drive of the infected computer, it is very similiar to
the worm MiMail.E.
Remove this worm virus using McAfee Virus Scan 2004!
The emails sent by the worm seems like this:
Subject: don't be late!
Message:
Hello Dear!,
Will meet tonight as we agreed, because on Wednesday I don't think
I'll make it,
so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.
Attached file: readnow.zip (which contains readnow.doc.scr)
Mimail.G spoofs the From field of the sent emails using the email address
john@<your domain> to appear that it is coming from the current
domain.
While searching for email addresses in files on the local hard drive
Mimail.G attempts to exclude files that have the following extensions
from the search:
avi, bmp, cab, com, dll, exe, gif, jpg, mp3, mpg, ocx, pdf, psd, rar,
tif, vxd, wav,zip
Mimail.G trys to contact Google to if the computer is conneted tointernet.
Mimail.G also attempts denial of service attacks to the following servers.
spews.org
spamhaus.org
How to Remove Mimail-E?
Follow these steps to remove the MiMail.E worm.
1) Turn off System Restore functions for Windows Me,Windows
XP and Windows 2003 system.
2) End the running program or reboot your system to enter into Safe
mode.
Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x
machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP
machines.
Locate the program named CN323 , click on it and End
Task or End Process
3) Remove the Registry entries
Click on Start|Run|Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run
In the right panel, right-click and delete the following entry
"CN323" = C:\Windows\cnfrm33.exe
Close the Registry Editor
4) Delete the infected files
Open your Windows folder ( such as c:\Windows, C:WINNT ), find the following
files and delete them:
Zip.tmp, Exe.tmp, eml.tmp,
cnfrm33.exe
Remove other worms & virus:
