How to Remove MiMail.C worm
AKA Netwatch.exe virus
the MiMail.C Worm?
From: admin@<current domain> (The from
address may be spoofed to appear that it is coming from the current
How Does MiMail.C Worm Infect My System?
Once unzipped, the file photos.htm creates an exe file named foo.exe in the Temporary Internet Files directory and runs it. The exploit is patched by the April 2003 Cumulative Patch.
The following files are then created in the Windows directory
It also adds the following registry key to the system.
"NetWatch32" = C:\Windows\netwatch.exe
What Does the MiMail.C Worm Do?
Once a computer is infected, the virus checks whether the system is connected to the Internet by trying to contact google.com. If it can contact Google, the worm attempts to gather email addresses from the infected computer. It grabs addresses from all files on the system, EXCEPT files that have the following extensions:
These addresses are then stored in a file named eml.tmp in the Windows directory. The worm has its own SMTP engine. For each email address the worm sends, it will
How Can I Remove the MiMail.C worm?
Follow these steps in removing the MiMail.C worm.
1) Terminate the running program
2) Remove the Registry entries
3) Delete the infected files. On Windows ME and XP, remember to turn off System Restore before searching for and deleting these files, so that infected backup copies are removed as well.
4) Reboot the computer and run a thorough virus scan using your favorite antivirus program.
5) Apply the patch for the April 2003 Cumulative Update to avoid viruses like this in the future.
For Automatic Removal of MiMail.C, download the Symantec removal tool
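Before and after the manual steps, it helps to confirm which of the worm's traces are actually present. The following read-only check is an added example, not part of the original guide: it looks for the NetWatch32 value in the text of a registry export and for netwatch.exe, eml.tmp and foo.exe in a file listing. The registry key name in the sample is a placeholder, the sample data is constructed, and C:\Windows is assumed as the Windows directory.

```python
import ntpath
import re

# Indicators named on the page.
RUN_VALUE_NAME = "NetWatch32"
WINDOWS_DIR_FILES = {"netwatch.exe", "eml.tmp"}
TEMP_INET_FILE = "foo.exe"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

def scan_reg_export(text):
    """Return (key, data) for each value named NetWatch32 in .reg export text.
    Files written by `reg export` are UTF-16, so decode them before calling."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name").lower() == RUN_VALUE_NAME.lower():
            data = m.group("data").strip('"').replace("\\\\", "\\")
            hits.append((key, data))
    return hits

def scan_file_listing(paths, windows_dir=r"C:\Windows"):
    """Return the paths that match the dropped files and their locations."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        folder, name = folder.lower(), name.lower()
        if name in WINDOWS_DIR_FILES and folder == windows_dir.lower():
            hits.append(path)
        elif name == TEMP_INET_FILE and "temporary internet files" in folder:
            hits.append(path)
    return hits

# Constructed sample input; the key name is a placeholder, not from the page.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_PLACEHOLDER\Constructed\Autostart]
"NetWatch32"="C:\\Windows\\netwatch.exe"
"Other"="C:\\Program Files\\app\\app.exe"
'''
SAMPLE_FILES = [r"C:\WINDOWS\netwatch.exe", r"C:\Windows\eml.tmp",
                r"C:\Docs\Temporary Internet Files\Content.IE5\foo.exe",
                r"C:\Tools\netwatch.exe"]
```

Calling `scan_reg_export(SAMPLE_REG)` and `scan_file_listing(SAMPLE_FILES)` returns the matching entries; empty lists from both on a cleaned system indicate the registry value and files are gone.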
Other Variations of this virus
Mimail.A Worm Removal