Name : Netmon.exe
Path : %WINDOWS%\netmon.exe
[ C:\Windows\netmon.exe ]
type : Internet
Alias : I-Worm/Mimail.M,
W32/Mimail-M, W32/Mimail.M@mm, WORM_MIMAIL.M,
level : Low
Netmon.exe is the main
component dropped by Mimail.M. It is
a modified variant of Mimail.C
worm. It collects e-mail addresses stored in the
local hard disk to distribute infected messages. Mimail.M worm arrives as
an e-mail attachment. The infected attachment
name will be "only_for_greg.zip"
or "wendy.exe" . The infected
mail sample is given below.
Subject: Re or RE:Greg
Greg its Wendy.
I was shocked, when I found out that it wasn't
your twin brother, that's amazing, you're as like
one in bed is better than you Greg. I
remember, I remember
very well, that promised you to tell how it was,
give you a call today after 9. He took my skirt
off, then my
panties, then my bra, he sucked my tits, with the
you do it.
He was writing alphabet on my pussy for 20
stopped, put me in doggy style position and stuck
dagger.But Greg, why didn't you warn me that his
dick is 15
inches long? I was struck, we fucked whole night.
thankful to you, for acquainted me to your
brother. I think
we can do it on
the next Saturday all three together? What do you
as you wanted I've made a few pictures check them
archive, I hope they will excite you, and you
of our new meeting...
When the worm file wendy.exe
is executed, it copies itself to netmon.exe in
Windows folder. It also drops nji2.tmp, msi2.tmp
in Windows folder.
Mimail.M collects e-mail
addresses in the local system and stores it in a
file xjwu2.tmp. After checking the Internet
connection, Mimail.M sends infected messages to
all the e-mail addresses stored in xjwu2.tmp. The
worm uses its own SMTP engine to send infected
registry run section to load automatically on the
next startup. The registry modification is given
Mimail.M variant performs
denial of service (DoS) attack on darkprofits.com,
darkprofits.net, www.darkprofits.com, and www.darkprofits.net.
The worm contains backdoor abilities and it can
be used to steal the data stored in the infected
system. Mimail.M variant appeared on 3rd December
How can I protect my
Solo has incorporated
netmon.exe in its signature file to protect
users from this Worm attack. Solo antivirus
registered users are already protected from this
Worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this Worm?
you are already infected with netmon.exe process,
you can remove it from your computer using Solo
Antivirus software. Use the
following link to Download 30 day trial
version of Solo antivirus to remove
viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts, Trojans,
Backdoors, boot sector, partition table and macro
purchase Solo antivirus using the link