Remove Worm.Mimail.I
About Mimail.I
MiMail.I and MiMail.J are mass-mailing worms that attempt to steal
credit card information. The worm displays a PayPal Secure Application
form that asks the user to enter their credit card information.
Remove this worm virus using McAfee Virus Scan 2004!
The emails sent by the worm look like this:
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Message:
Dear PayPal member,
PayPal would like to inform you about some important information
regarding your PayPal account. This account, which is associated with
the email address
<your.own@email.address.added.here>
will be expiring within five business days. We apologize for any
inconvenience that this may cause, but this is occurring because all
of our customers are required to update their account settings with
their personal information.
We are taking these actions because we are implementing a new security
policy on our website to insure everyone's absolute privacy. To avoid
any interruption in PayPal services then you will need to run the application
that we have sent with this email (see attachment) and follow the instructions.
Please do not send your personal information through email, as it will
not be as secure.
IMPORTANT! If you do not update your information with our secure
application within the next five business days then we will be forced
to deactivate your account and you will not be able to use your PayPal
account any longer. It is strongly recommended that you take a few minutes
out of your busy day and complete this now.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an
automated message system and the reply will not be received.
Thank you for using PayPal.
Attachment: paypal.asp.scr or www.paypal.com.scr
The emails sent by the worm pretend to come from the email address
donotreply@paypal.com. The worm creates a file named svchost32.exe in the
Windows directory, along with a temporary file, and adds a registry entry
to the system (listed in step 3 of the removal instructions below). It then
displays a dialog box requesting a range of information about your credit card.
Information entered into the form is sent out by email. Note: never
act on web links or attachments sent to you in emails which claim to
come from banks or financial companies. The apparent source of an email
is too easily forged.
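A mail-gateway style check for the message described above, as an added example that is not part of the original article: it matches the sender, subject and attachment names listed on this page, and generalizes to any attachment whose executable final extension hides behind a misleading inner name. The extension set, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the worm description on this page.
KNOWN_SENDER = "donotreply@paypal.com"
KNOWN_SUBJECT = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
KNOWN_ATTACHMENTS = {"paypal.asp.scr", "www.paypal.com.scr"}
# Assumption: final extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}


def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the Mimail.I pattern."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # The From header is trivially forged, so it is only one signal among several.
    if KNOWN_SENDER in str(msg.get("From", "")).lower():
        reasons.append("sender matches the worm's forged From address")
    if str(msg.get("Subject", "")).strip().upper() == KNOWN_SUBJECT:
        reasons.append("subject matches the worm's subject line")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in KNOWN_ATTACHMENTS:
            reasons.append("known attachment name: " + name)
        stem, dot, ext = name.rpartition(".")
        # General case: an executable final extension hidden behind a stem
        # that itself looks like a document or web address (contains a dot).
        if dot and ext in EXECUTABLE_EXTS and "." in stem:
            reasons.append("executable with misleading name: " + name)
    return reasons


def build_sample(sender, subject, filename):
    """Build a constructed test message; the attachment is harmless filler."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Dear PayPal member, ...")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample(KNOWN_SENDER, KNOWN_SUBJECT, "www.paypal.com.scr")
    for reason in check_message(sample):
        print(reason)
```

Because the From address is forged, the attachment-name checks are the signals to rely on; the sender and subject matches only raise confidence.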
How to Remove Mimail.I?
Follow these steps to remove the MiMail.I worm.
1) Turn off System Restore on Windows Me, Windows XP and
Windows 2003 systems.
2) End the running program or reboot your system to enter into Safe
mode.
Open the Windows Task Manager by pressing CTRL+ALT+DEL on Win9x
machines, or by pressing CTRL+Shift+Tab and clicking on the Processes tab
on WinNT/2000/XP machines.
Locate the program named SVCHOST32, click on it, and choose
End Task or End Process.
3) Remove the Registry entries
Click on Start|Run|Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, right-click and delete the following entry:
"SvcHost32" = C:\Windows\svchost32.exe
Close the Registry Editor
4) Delete the infected files
Find the following files and delete them:
svchost32.exe (in the Windows directory)
C:\ppinfo.sys
C:\pp.hta
C:\pp.gif
5) Reboot the computer and run a thorough virus scan using your favorite
antivirus program.