Name : Svchost32.exe
Path : %WINDOWS%\svchost32.exe
[ C:\Windows\svchost32.exe ]
type : Internet
Alias : I-Worm/Mimail.J,
W32/Mimail-J, W32/Mimail.J@mm, WORM_MIMAIL.J,
level : Low
Svchost32.exe is the main
component dropped by Mimail.J. It is a modified
variant of Mimail.I worm. It attempts to steal
credit card and personal information from the
infected user. Mimail.J worm arrives as an e-mail
attachment. It collects e-mail addresses stored
in the local hard disk to distribute infected
attachment name will be "www.paypal.com.pif"
or "InfoUpdate.exe". The
infected mail sample is given below.
Subject: IMPORTANT <random
characters> or Problems with your
Dear PayPal member,
We regret to inform you that your account is
about to be expired in next five business days.
To avoid suspension of your account you have to
reactivate it by providing us with your personal
To update your personal profile and continue
using PayPal services you have to run the
attached application to this email. Just run it
and follow the instructions.
IMPORTANT! If you ignore this alert, your account
will be suspended in next five business days and
you will not be able to use PayPal anymore.
Thank you for using PayPal.
When the infected
attachment is executed, it copies itself to svchost32.exe
in Windows folder. It also drops pp.gif, pp.hta
in C:\ folder. Mimail.J collects e-mail addresses
in the local system and stores it in a file el388.tmp.
After checking the Internet connection, Mimail.J
sends infected messages to all the e-mail
addresses stored in el388.tmp. The worm uses its
own SMTP engine to send infected messages.
registry run section to load automatically on the
next startup. The registry modification is given
Mimail.j displays fake
paypal window and requests the user to enter
Credit card number, pin number, social security
number and personal details in the window. When
the user typed and confirmed the information, it
stores it in a file PPINFO.SYS. Then it
attempts to send the information to predefined e-mail
addresses given in the worm. Mimail.J variant
appeared on 17th November 2003.
How can I protect my
Solo has incorporated
svchost32.exe in its signature file to protect
users from this Worm attack. Solo antivirus
registered users are already protected from this
Worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this Worm?
you are already infected with svchost32.exe process,
you can remove it from your computer using Solo
Antivirus software. Use the
following link to Download 30 day trial
version of Solo antivirus to remove
viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts, Trojans,
Backdoors, boot sector, partition table and macro
purchase Solo antivirus using the link