Win32:MiMail-I [Wrm] How do I get rid of it?

[fusilero]

Hi;

I have been using Avast!4 Home Users, for the last 4 months or so.  It saved me from multiple hits of the WIN32:swen worm.
My e-mail software is: Microsoft Outlook part of Office XP SBE.  All my programs and Microsoft Windows are up to date.

VPS version: 0310-10, 14.11.2003

Today, I get e-mail and the alarm that "A Virus Was Found!".  A new virus to me the Win32:MiMail-I [Wrm]

BUT! Avast will not Move/Rename or delete or Repair or Move to chest.  It keeps repeating "avast!: the system cannot find the file specified"

What should I do?  any help is appreciated

[Pavel Baudis]

Hi,

try avast! cleaner.

It has been updated yesterday to cover this new virus...


Pavel

[fusilero]

Well after reading some posts,

It seemed the thing to do.  In the mean time, I went to the offending message in my inbox and tried permanently deleting it.  And so it vanished.

I then downloaded the lastes cleaner and let it run.  It found no infection.
BUT it did find some troubleing files that "could not be scanned".  They were:

All Users.NEWXP\Application Data\Microsoft\Network\Downloader\qmgr0.dat... file could not be scanned!

C:\Documents and Settings\All Users.NEWXP\Application Data\Microsoft\Network\Downloader\qmgr1.dat... file could not be scanned!

C:\Documents and Settings\Gregory.EDMANDLAND\Local Settings\Temp\Perflib_Perfdata_804.dat... file could not be scanned!

I found these files.  The first two were last accessed over 12 hours ago.  I could not manually delete them!  

Any suggestions?

[igor]

During the runtime of your operating system, it's perfectly normal that some files cannot be accessed. It's usual nothing to worry about (though, they are exceptions of course - as with the recent Sober worm).

The Cleaner doesn't report the most common unaccessible files (such as the usual registry files, swap file etc) - because as I said, it's perfectly OK. I don't know what are those 3 files you mention - but they don't look dangerous (and they are certainly not related to the MiMail-I worm).
I would suggest not to worry about them, they're probably just a part of your OS (therefore, it may not be the best idea to delete them!).

[Lisandro]

See review for Mimail I here

If you get an e-mail message warning you that your PayPal account is about to expire, don't open it. If you open it, don't double-click the attachment. If you double-click the attachment, don't complete the form asking for your credit card information. And if you do fill in the form, call your credit card company immediately.

[Pavel Baudis]

See review for Mimail I here

Well, both MiMail variants are described on our web as well, currently even with the links from the home page

[Thadius3]

I'm having the same problem with the Win32:Beagle-K [Wrm]
"C:\Documents and Settings\Admin\Local Settings\Temp\Perflib_Perfdata_600.dat"

No matter what I try, I cannot delete it. I even tried starting in safe mode, but the file does not exist there.

Does anyone know how to get rid of this thing? It may be harmless, but it keeps setting off virus warnings and it is very annoying.

[whocares]

Hi,

- did you try the avast Cleaner, running it as Admin ?

- delete the above file via:
control panel -> Internetoptions -> general -> delete Temp.Int.Files -> Check Offline files also -> OK
Do this for all different users on the PC


 

[Thadius3]

Yes, I have ran the Avast Cleaner, I get the responce file cannot be scanned.

I deleted all tem. int. fils from all users, the file still exists.

Any other suggestions?

[whocares]

Any other suggestions?

Yes... GOOGLE

-> http://www.abxzone.com/forums/showthread/t-18800.html

-> Most probably harmless, but locked system-files (as Igor said above):
"What are the ...Perflib_Perfdataxxx.dat files?

The ...\Perflib_Perfdataxxx.dat files are created by the System Monitor. When you shutdown normally, the file should be deleted.

If you have an abormal shutdown, these files can become orphaned, and accumulate on your computer.

Under some yet to be determined circumstances, these files can become orphaned during normal operation.
"