Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


NETWATCH.EXE PROCESS INFORMATION

Process Name  : Netwatch.exe

Process Path : %WINDOWS%\netwatch.exe [ C:\Windows\netwatch.exe ]

Process type    : Internet Worm

Malware Name :W32.Mimail.C@mm

Alias             : I-Worm/Mimail.C, W32/Mimail-C, W32/Mimail.c@mm, WORM_MIMAIL.C, I-Worm.NetWatch

Threat level : Low

Process Details :

                     Netwatch.exe is dropped by mimail.C worm. It is a modified variant of Mimail worm. It collects e-mail addresses stored in the local hard disk to distribute infected messages. Mimail.C worm arrives as an e-mail attachment. The infected attachment name will be "photos.zip". The infected mail sample is given below.

From: james@domain-name
Subject: Re[2]: our private photos  <random characters>

Hello Dear!,

Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)

Right now enjoy the photos.
Kiss, James.
<random characters>

                     When the worm file photos.jpg.exe stored in phots.zip is executed, it copies itself to netwatch.exe in Windows folder. It also drops Zip.tmp, exe.tmp in Windows folder. 

                     Mimail.C collects e-mail addresses in the local system and stores it in a file eml.tmp. After checking the Internet connection, Mimail.C sends infected messages to all the e-mail addresses stored in eml.tmp. The worm uses its own SMTP engine to send infected messages.

                     Mimail modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"NetWatch32"= C:\%Windows%\netwatch.exe 

                     Mimail.C variant performs denial of service (DoS) attack on darkprofits.com, darkprofits.net, www.darkprofits.com, and www.darkprofits.net. The worm contains backdoor abilities and it can be used to steal the data stored in the infected system. Mimail.C variant appeared on 31st October 2003.

How can I protect my system?

                   Solo has incorporated netwatch.exe in its signature file to protect users from this Worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   If you are already infected with netwatch.exe process, you can remove it from your computer using Solo Antivirus software. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link