This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Email-Worm:W32/Mimail.G is a worm that propagates in infected e-mail message attachments. The worm is also capable of launching Denial of Service (DoS) attacks on certain websites.
Mimail.G closely resembles the Mimail.C variant.
Mimail.G was found on 2 November, 2003.
Mimail.G is almost identical to the Mimail.C variant, except in the following points:
1. Mimail.G worm's file is 10784 bytes long, compressed with UPX file compressor and the unpacked file's size is 22560 bytes.
2. The worm installs itself to Windows folder as SYSLOAD32.EXE file and creates a startup key in the Registry:
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SystemLoad32" = "%windir\sysload32.exe"
where %windir% is a Windows directory name.
3. The worm performs a DoS attack on the following sites:
4. The worm spreads itself in the following message:
From: john@ Subject: don't be late! Body: Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you. Attachment: readnow.zip
The attachment is a ZIP archive that contains the worm's executable file (READNOW.DOC.SCR).
5. Mimail.G does not have Mimail.C's spying functionality.