Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


CNFRM33.EXE PROCESS INFORMATION

Process Name  : Cnfrm33.exe

Process Path : %WINDOWS%\cnfrm33.exe [ C:\Windows\cnfrm33.exe ]

Process type    : Internet Worm

Malware Name :W32.Mimail.D@mm

Alias             : I-Worm/Mimail.D, W32/Mimail-E, W32/Mimail.D@mm, WORM_MIMAIL.D

Threat level : Low

Process Details :

                     Cnfrm33.exe is dropped by Mimail.D worm. It is a modified variant of Mimail.C worm. It collects e-mail addresses stored in the local hard disk to distribute infected messages. Mimail.D worm arrives as an e-mail attachment. The infected attachment name will be "readnow.zip". The infected mail sample is given below.

From: john@domain-name
Subject: don't be late!  <random characters>

Will meet tonight as we agreed, because on Wednesday I don't think I'll make it,

so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.

<random characters>

                     When the worm file readnow.doc.scr stored in readnow.zip is executed, it copies itself to cnfrm.exe in Windows folder. It also drops Zip.tmp, exe.tmp in Windows folder. 

                     Mimail.D collects e-mail addresses in the local system and stores it in a file eml.tmp. After checking the Internet connection, Mimail.C sends infected messages to all the e-mail addresses stored in eml.tmp. The worm uses its own SMTP engine to send infected messages.

                     Mimail modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Cn323"= C:\%Windows%\cnfrm33.exe
                                    or
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"cnfrm"= C:\%Windows%\cnfrm.exe


                     Mimail.D variant performs denial of service (DoS) attack on spews.org, www.spews.org, spamhaus.org, www.spamhaus.org, spamcop.net, www.spamcop.net . The worm contains backdoor abilities and it can be used to steal the data stored in the infected system. Mimail.D variant appeared on 1st November 2003.

How can I protect my system?

                   Solo has incorporated cnfrm33.exe in its signature file to protect users from this Worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   If you are already infected with cnfrm33.exe, you can remove it from your computer using Solo Antivirus software. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link