This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
Email-Worm:W32/Mimail.G is a worm that propagates in infected e-mail message attachments. The worm is also capable of launching Denial of Service (DoS) attacks on certain websites.
Mimail.G closely resembles the Mimail.C variant.
Mimail.G was found on 2 November, 2003.
Mimail.G is almost identical to the Mimail.C variant, except in the following points:
1. Mimail.G worm's file is 10784 bytes long, compressed with UPX file compressor and the unpacked file's size is 22560 bytes.
2. The worm installs itself to Windows folder as SYSLOAD32.EXE file and creates a startup key in the Registry:
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SystemLoad32" = "%windir\sysload32.exe"
where %windir% is a Windows directory name.
3. The worm performs a DoS attack on the following sites:
4. The worm spreads itself in the following message:
From: john@ Subject: don't be late! Body: Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you. Attachment: readnow.zip
The attachment is a ZIP archive that contains the worm's executable file (READNOW.DOC.SCR).
5. Mimail.G does not have Mimail.C's spying functionality.