Mimail.A

Hello!

I get a virus Mimail.A. I installed f-secure antivirus, but it doesn't want to update. Does that virus make a connection unavailable? Because I can't run the internet. How can I delete a virus?

 

Hi kloshar,

Try this one:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html

Regards,

Pieter

 

No, it doesn't find nothing. Any other idea?

 

Hi kloshar,

How did you establish you have this virus?
Did you check for this RunKey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VideoDriver
=C:\<Windows>\videodrv.exe ?

BitDefender also has a removal tool. Link can be found at the bottom here:
http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=146
But that one does not work for me. Manual removal instructions are there as well.

Regards,

Pieter

 

Edit by Admin...

Please include the link to the source article when you post such things. That is not only proper online netiquette, it also gives due credit to those who create and publish such solutions.

Link added: http://www.pchell.com/virus/mimail.shtml

[hr]
hey kloshar,

see if this works,

1) Terminate the running program

Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
Locate the following program, click on it and End Task or End Process
VIDEODRV.EXE

Close Task Manager
2) Remove the Registry entries

Click on Start, Run, Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run

In the right panel, right-click and delete the following entry
"VideoDriver"="%Windows%\videodrv.exe"

Repeat this procedure for

HKEY_LOCAL_MACHINE>Software>Microsoft>Code Store Database>Distribution Units

In the right panel, locate and delete the entry:
{11111111-1111-1111-1111-111111111111}
Close the Registry Editor
3) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)

Click Start, point to Find or Search, and then click Files or Folders.

Make sure that "Look in" is set to (C:\WINDOWS).

In the "Named" or "Search for..." box, type, or copy and paste, the file names:
eml.tmp
zip.tmp
exe.tmp

Click Find Now or Search Now.

Delete the displayed files.
4) Reboot the computer and run a thorough virus scan using your favorite antivirus program

5) Apply the patches, MHTML exploit AND codebase exploit, to avoid viruses like this in the future.


- Added link to source and comment above - LWM