Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


NETMON..EXE PROCESS INFORMATION

Process Name  : Netmon.exe

Process Path : %WINDOWS%\netmon.exe [ C:\Windows\netmon.exe ]

Process type    : Internet Worm

Malware Name :W32.Mimail.M@mm

Alias             : I-Worm/Mimail.M, W32/Mimail-M, W32/Mimail.M@mm, WORM_MIMAIL.M, Mimail.M

Threat level : Low

Process Details :

                     Netmon.exe is the main component dropped by Mimail.M. It is a modified variant of Mimail.C worm. It collects e-mail addresses stored in the local hard disk to distribute infected messages. Mimail.M worm arrives as an e-mail attachment. The infected attachment name will be "only_for_greg.zip" or "wendy.exe" . The infected mail sample is given below.

From: Wendy<random characters>@domain-name
Subject: Re[3]  or  RE:Greg

Hi Greg its Wendy.
 
I was shocked, when I found out that it wasn't you but
your twin brother, that's amazing, you're as like as two
peas. No
one in  bed is better than you Greg. I remember, I remember
everything
very well, that promised you to tell how it was, I'll
give you a call today after 9. He took my skirt off, then my
panties, then my bra, he sucked my tits, with the same fury
you do it.
He was writing alphabet on my pussy for 20 minutes, then
suddenly
stopped, put me in doggy style position and stuck his
dagger.But Greg, why didn't you warn me that his dick is 15
inches long? I was struck, we fucked whole night. I'm so
thankful to you, for acquainted me to your brother. I think
we can do it on
the next Saturday all three together? What do you think? O
yes,
as you wanted I've made a few pictures check them out in
archive, I hope they will excite you, and you will dream
of our new meeting...

                     When the worm file wendy.exe is executed, it copies itself to netmon.exe in Windows folder. It also drops nji2.tmp, msi2.tmp in Windows folder. 

                     Mimail.M collects e-mail addresses in the local system and stores it in a file xjwu2.tmp. After checking the Internet connection, Mimail.M sends infected messages to all the e-mail addresses stored in xjwu2.tmp. The worm uses its own SMTP engine to send infected messages.

                     Mimail.M modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"NetMon"= C:\%Windows%\netmon.exe 

                     Mimail.M variant performs denial of service (DoS) attack on darkprofits.com, darkprofits.net, www.darkprofits.com, and www.darkprofits.net. The worm contains backdoor abilities and it can be used to steal the data stored in the infected system. Mimail.M variant appeared on 3rd December 2003.


How can I protect my system?

                   Solo has incorporated netmon.exe in its signature file to protect users from this Worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   If you are already infected with netmon.exe process, you can remove it from your computer using Solo Antivirus software. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link