Here is the latest thinking of Microsoft on this virus. All the posters who commented below are right on! LOOK OUT!!
Revised Information: See bottom of post for revision date/time information.
Win32.MMail.A continues its spread across the internet. Here's some further information.
Win32.MMail.A
Discovered January 26, 2004 at 6:06PM EST
Detected January 26, 2004 at 7:49PM EST
Added to referencefile 252 (01R252 27.01.2004)
Also Known As: W32.Novarg.A@mm, W32.Mydoom@MM, W32.Shimg, WORM_MIMAIL.R
Worm emails itself to datamined email addresses. The recipient will receive an email with various headings, including:
Hi
Hello
Error
MAIL DELIVERY SYSTEM
Mail Transaction Failed
Returned Mail: Response Error
Server Report
Test
An attachment (the worm) is included using the file extension .exe, .pif, .zip, and .scr. Filenames include body, document, file, message, test, and text.
Upon execution, it will drop taskmon.exe and shimgapi.dll in the %system% folder, and set taskmon.exe to autostart in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run subkey.
If you receive this email, do not open it. Immediately delete the email, download the latest referencefile (01R252 27.01.2004 at the time of this writing) and perform a full system scan as shown by the settings here:
Lavasoft Help & Support
How To: Perform a "Full Scan" with Ad-aware
http://www.lavahelp.com/howto/fullscan/
We will continue to monitor for new variants. Remember to keep anti-virus software and Ad-aware updated, and practice caution when opening email from any recipient.
Please be careful
HB
Revised Information: See bottom of post for revision date/time information.
Win32.MMail.A continues its spread across the internet. Here's some further information.
Win32.MMail.A
Discovered January 26, 2004 at 6:06PM EST
Detected January 26, 2004 at 7:49PM EST
Added to referencefile 252 (01R252 27.01.2004)
Also Known As: W32.Novarg.A@mm, W32.Mydoom@MM, W32.Shimg, WORM_MIMAIL.R
Worm emails itself to datamined email addresses. The recipient will receive an email with various headings, including:
Hi
Hello
Error
MAIL DELIVERY SYSTEM
Mail Transaction Failed
Returned Mail: Response Error
Server Report
Test
An attachment (the worm) is included using the file extension .exe, .pif, .zip, and .scr. Filenames include body, document, file, message, test, and text.
Upon execution, it will drop taskmon.exe and shimgapi.dll in the %system% folder, and set taskmon.exe to autostart in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run subkey.
If you receive this email, do not open it. Immediately delete the email, download the latest referencefile (01R252 27.01.2004 at the time of this writing) and perform a full system scan as shown by the settings here:
Lavasoft Help & Support
How To: Perform a "Full Scan" with Ad-aware
http://www.lavahelp.com/howto/fullscan/
We will continue to monitor for new variants. Remember to keep anti-virus software and Ad-aware updated, and practice caution when opening email from any recipient.
Please be careful
HB
