Mimail.A

Discussion in 'malware problems & news' started by kloshar, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    Hello!

    I got a virus, Mimail.A. I installed F-Secure antivirus, but it doesn't want to update. Does that virus make the connection unavailable? Because I can't use the internet. How can I delete the virus?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi kloshar,

    Try this one:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html

    Regards,

    Pieter
     
  3. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    No, it doesn't find anything. Any other ideas?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi kloshar,

    How did you establish you have this virus?
    Did you check for this RunKey:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VideoDriver
    =C:\<Windows>\videodrv.exe ?

    BitDefender also has a removal tool. Link can be found at the bottom here:
    http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=146
    But that one does not work for me. Manual removal instructions are there as well.

    Regards,

    Pieter
     
  5. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Edit by Admin...

    Please include the link to the source article when you post such things. That is not only proper online netiquette, it also gives due credit to those who create and publish such solutions.


    Link added: http://www.pchell.com/virus/mimail.shtml

    hey kloshar,

    see if this works,

    1) Terminate the running program

    Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTRL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
    Locate the following program, click on it and End Task or End Process
    VIDEODRV.EXE

    Close Task Manager

    2) Remove the Registry entries

    Click on Start, Run, Regedit
    In the left panel go to
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

    In the right panel, right-click and delete the following entry
    "VideoDriver"="%Windows%\videodrv.exe"

    Repeat this procedure for

    HKEY_LOCAL_MACHINE>Software>Microsoft>Code Store Database>Distribution Units

    In the right panel, locate and delete the entry:
    {11111111-1111-1111-1111-111111111111}
    Close the Registry Editor

    3) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)

    Click Start, point to Find or Search, and then click Files or Folders.

    Make sure that "Look in" is set to (C:\WINDOWS).

    In the "Named" or "Search for..." box, type, or copy and paste, the file names:
    eml.tmp
    zip.tmp
    exe.tmp

    Click Find Now or Search Now.

    Delete the displayed files.

    4) Reboot the computer and run a thorough virus scan using your favorite antivirus program

    5) Apply the patches, MHTML exploit AND codebase exploit, to avoid viruses like this in the future.


    - Added link to source and comment above - LWM
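
The manual checks from the posts above, as an added read-only PowerShell example (not part of the original posts or the linked article): it reports the process, registry entries and files named in this thread and deletes nothing. The WOW6432Node lookup for 64-bit Windows and the SHA-256 hashing (PowerShell 4 or later) are assumptions added here, not steps from the thread.

```powershell
# Read-only check for the Mimail.A traces named in this thread.
# Nothing is removed; findings are listed so they can be reviewed first.
$findings = @()

# Step 1: a running videodrv.exe process
foreach ($p in @(Get-Process -Name 'videodrv' -ErrorAction SilentlyContinue)) {
    $findings += "Running process: videodrv.exe (PID $($p.Id))"
}

# Step 2: registry entries. WOW6432Node is checked as well (assumption:
# on 64-bit Windows a 32-bit program's HKLM\Software writes land there).
$guid = '{11111111-1111-1111-1111-111111111111}'
foreach ($root in 'HKLM:\Software', 'HKLM:\Software\WOW6432Node') {
    $runKey = Join-Path $root 'Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'VideoDriver' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Run value in ${runKey}: VideoDriver = $($run.VideoDriver)" }

    # The thread does not say whether the GUID entry is a subkey or a
    # value, so both are checked.
    $duKey = Join-Path $root 'Microsoft\Code Store Database\Distribution Units'
    if (Test-Path -LiteralPath (Join-Path $duKey $guid)) {
        $findings += "Registry subkey: $duKey\$guid"
    }
    if (Get-ItemProperty -Path $duKey -Name $guid -ErrorAction SilentlyContinue) {
        $findings += "Registry value $guid in $duKey"
    }
}

# Step 3: files in the Windows folder, hashed so they can be looked up
# before anything is deleted
foreach ($name in 'videodrv.exe', 'eml.tmp', 'zip.tmp', 'exe.tmp') {
    $path = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += "File: $path (SHA256 $hash)"
    }
}

if ($findings.Count -eq 0) {
    'None of the Mimail.A traces listed in this thread were found.'
} else {
    $findings
}
```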
     