Tuesday, February 07, 2012
Register  Login
  Our sponsors   
  Users currently online   
Membership Membership:
Latest New User Latest: kevin
New Today New Today: 0
New Yesterday New Yesterday: 0
User Count Overall: 56
People Online People Online:
Visitors Visitors: 4
Members Members: 0
Total Total: 4
Online Now Online Now:
Wizardwrx
Viruswarn banner
you are here: Forums  Search

Welcome to the Viruswarning forums.  All your original content has been ported to the new forums as  well as new content and additional opportunities to interact with the authors of Viruswarn.com.  You can always access old content at www.leedrake.com/forum .  You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!
  Viruswarn Forums
Forums > Viruswarning Forum > Viruswarning archive
Subject: Not my mail

You are not authorized to post a reply.   
Author Messages
Lee Drake
Posts:238
08/01/2003 7:04 PM  
What is it? Another email worm from Russia, how tiresome :). This worm dubbed w32.mimail.mm uses yet another bit of social engineering to try to get the user to run it. It seems to come from the admin@yourdomain.com (where yourdomain.com is the domain of your email address) saying your account has been closed/expired/is full etc. Attached is a zip file (supposedly with more information). Inside the zip file is - of course - a virus, and when you open the html file the virus it will run on your system if it's not properly patched. The email includes a phrase that says your email address is expiring and please read the attachment for details. This one looks like it exploits a bug documented and fixed back in April (support.microsoft.com/default.aspx?scid=kb;en-us;330994) to attempt to run without asking. As usual - if you're patched up to date and you have current virus signature files, you're protected. And everyone knows never open anything from someone unless you know what's in there right? :) The process it runs runs as videodrv.exe - if you have that process running or being loaded - you have the virus. What should you do?
  • Be sure to run Microsoft Windows Update and accept ALL critical security patches. Review optional patches and apply all those that are labeled as "security updates".
  • Keep good, up to date virus signatures, and be sure your virus software is updating.
  • Never open unexpected attachments. The contents of zip files are included in this list.
  • Run a program such as Zone-Alarm to prevent programs from running on your machine and accessing the internet without your knowledge
  • Symantec Virus signatures should be on or later than August 1st 2003 to detect this threat.
  • McAfee DAT files version 4192 and later will detect it.
  • McAfee's site has manual removal instructions
For more information: support.microsoft.com/default.aspx?scid=kb;en-us;330994 www.sarc.com/avcenter/venc/data/w32.mimail.a@mm.html us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100523 Lee Drake Aztek Computer Solutions, Inc. 274 N. Goodman St Suite B269 39 N. Goodman St. Rochester, NY 14607 the human side of computing Email: ldrake@azcomputer.net Web: www.azcomputer.net Office Phone: 585-242-2060 Fax number: 585-242-9441
You are not authorized to post a reply.
Forums > Viruswarning Forum > Viruswarning archive > Not my mail


ActiveForums 3.6
  Register or Login


Forgot Password ?
Copyright 2006 by OS-Cubed, Inc.   Terms Of Use  Privacy Statement