Remove Worm.Mimail.J
About Mimail.J
MiMail.I and MiMail.J are mass-mailing worms that attempt to steal
credit card information. The worm displays a PayPal Secure Application
form that asks the user to enter their credit card information.
Remove this worm virus using McAfee Virus Scan 2004!
The emails sent by the worm look like this:
From: Do_Not_Reply@paypal.com
Subject: IMPORTANT <random string of characters>
Message:
Dear PayPal member,
We regret to inform you that your account is about to be expired
in next five business days. To avoid suspension of your account you
have to reactivate it by providing us with your personal information.
To update your personal profile and continue using PayPal services you
have to run the attached application to this email. Just run it and
follow the instructions.
IMPORTANT! If you ignore this alert, your account will be suspended
in next five business days and you will not be able to use PayPal anymore.
Thank you for using PayPal.
Attachment: InfoUpdate.exe -or- www.paypal.com.pif
W32/Mimail-J is a worm very similar to Mimail.I.
This variant tries to get you to give up your credit card details, just
like Mimail.I, but also asks you for additional personal information
such as your Social Security Number and your mother's maiden name.
How to Remove Mimail.J?
Follow these steps to remove the MiMail.J worm.
1) Turn off System Restore on Windows Me, Windows
XP and Windows 2003 systems.
2) End the running program or reboot your system to enter into Safe
mode.
Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x
machines or CTRL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP
machines.
Locate the program named SVCHOST32, click on it and choose
End Task or End Process.
3) Remove the Registry entries
Click on Start|Run|Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, right-click and delete the following entry
"SvcHost32" = C:\Windows\svchost32.exe
Close the Registry Editor
4) Delete the infected files
Find the following files and delete them:
svchost32.exe (in the Windows directory)
C:\ppinfo.sys
C:\pp.hta
C:\pp.gif
5) Reboot the computer and run a thorough virus scan using your favorite
antivirus program.
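To confirm the cleanup, the artifacts named in steps 3 and 4 can be checked offline against a Registry Editor export and a file listing. The Python below is an added example, not part of the original article or of any antivirus product; the function names, the sample data and the assumption that the export has already been decoded to text are illustrative.

```python
import ntpath
import re

# Indicators taken from the removal steps above (matched case-insensitively).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "svchost32"
DROPPED = {r"c:\ppinfo.sys", r"c:\pp.hta", r"c:\pp.gif"}
WORM_EXE = "svchost32.exe"

# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SvcHost32"="C:\\Windows\\svchost32.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''
SAMPLE_FILES = [r"C:\Windows\svchost32.exe", r"C:\Windows\System32\svchost.exe",
                r"C:\PP.HTA", r"C:\pp.gif", r"C:\ppinfo.sys"]

def parse_reg_export(text):
    """Parse regedit export text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            # String values only: "Name"="data" with \\ and \" escapes.
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def find_mimail_j(reg_text, file_paths, windir=r"C:\Windows"):
    """Return (kind, detail) findings; an empty list means no listed artifact."""
    findings = []
    run = parse_reg_export(reg_text).get(RUN_KEY, {})
    if RUN_VALUE in run:
        findings.append(("run-entry", run[RUN_VALUE]))
    exe = ntpath.join(windir, WORM_EXE).lower()
    for path in file_paths:
        norm = ntpath.normpath(path).lower()
        if norm in DROPPED or norm == exe:  # legitimate svchost.exe is not matched
            findings.append(("file", path))
    return findings

if __name__ == "__main__":
    for kind, detail in find_mimail_j(SAMPLE_REG, SAMPLE_FILES):
        print(kind, detail)
```

An empty result after step 5 means none of the listed artifacts remain; pass windir=r"C:\WINNT" for systems whose Windows directory is named that way.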