Alias: W32.Mimail.Gen, W32/Mimail.l@MM
Type: Worm
Size: 11,296 bytes
Origin: unknown
Date: 12-02-2003
Damage: sends itself by email
VDF Version: 6.22.00.54
Danger: Low
Distribution: Medium

General Description
When activated, Worm/Mimail.L (11,269 bytes) copies itself to the Windows directory as svchost.exe and XU39REU.TMP. The worm also creates a ZIP archive named X8WUI12S.TMP. It searches the local drive for email addresses and sends itself to them using its own SMTP engine.

Symptoms
* increased email traffic

Distribution
* sends itself by email, using its own SMTP engine

Technical Details
When the worm is active, it copies itself to the following locations:
* C:\%Windows%\svchost.exe
* C:\%Windows%\XU39REU.TMP
and creates the file X8WUI12S.TMP in the Windows directory.

It adds the following registry entry so that it runs automatically at the next system start:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"France"="C:\\WINDOWS\\svchost.exe"

The worm then looks for email addresses in files with the following extensions, in order to send itself by email using its own SMTP engine: .com, .wav, .cab, .pdf, .rar, .zip, .tif, .psd, .ocx, .vxd, .mp3, .mpg, .avi, .dll, .exe, .gif, .jpg, and .bmp.

An email message sent by Worm/Mimail.L looks like this:

Subject: Re[2] We are going to bill your credit card:
Attachment: wendy.zip

Manual Removal Instructions
- for Windows 2000/XP:
To remove the virus by hand, first boot into Safe Mode. Press the F8 key when you start your computer and select the 'Safe Mode' option that appears.

Delete the following files:
* C:\%Windows%\svchost.exe
* C:\%Windows%\XU39REU.TMP
* C:\%Windows%\X8WUI12S.TMP

Then start "regedit" and delete the following registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"France"="C:\\WINDOWS\\svchost.exe"

Restart your computer.

- for Windows 9x/Me:
To remove the virus by hand, first boot into Safe Mode. Press the F8 key when you start your computer and select the 'Safe Mode' option that appears.

Delete the following files:

* C:\%Windows%\svchost.exe
* C:\%Windows%\XU39REU.TMP
* C:\%Windows%\X8WUI12S.TMP

Then start "regedit" and delete the following registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"France"="C:\\WINDOWS\\svchost.exe"

Restart your computer.
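
The file and registry indicators listed above can be checked offline against a listing of the Windows directory and a regedit export of the Run key. The following Python code is an added example, not part of the original description; its function names and the sample listing and export are constructed, and it goes slightly beyond the page by flagging any Run value that points at svchost.exe directly in the Windows directory, because the legitimate Windows 2000/XP svchost.exe lives in System32.

```python
import ntpath
import re

# Indicators taken from the description above.
WORM_FILES = {"svchost.exe", "xu39reu.tmp", "x8wui12s.tmp"}
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "France"
# One string value line of a regedit export: "name"="data"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_values(reg_text):
    """Return {value_name: data} for the Run key in a regedit export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def find_indicators(windows_dir, dir_listing, reg_text):
    """Match a Windows-directory listing and a Run-key export against the indicators."""
    # No legitimate svchost.exe sits directly in the Windows directory.
    expected = ntpath.join(windows_dir, "svchost.exe").lower()
    findings = [("file", ntpath.join(windows_dir, n))
                for n in dir_listing if n.lower() in WORM_FILES]
    for name, data in parse_run_values(reg_text).items():
        target = ntpath.normpath(data).lower()
        if name.lower() == RUN_VALUE.lower() or target == expected:
            findings.append(("run", f"{name}={data}"))
    return findings

# Constructed sample input (not captured from a real system).
SAMPLE_LISTING = ["explorer.exe", "notepad.exe", "SVCHOST.EXE", "X8WUI12S.TMP", "system32"]
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleTray"="C:\\Program Files\\Sample\\tray.exe"
"France"="C:\\WINDOWS\\svchost.exe"
'''

if __name__ == "__main__":
    for kind, detail in find_indicators(r"C:\WINDOWS", SAMPLE_LISTING, SAMPLE_REG):
        print(kind, detail)
```
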
Description inserted by Crony Walker on Tuesday, June 15, 2004
