HiWAAY: Information/Internet Services
An FAQ is a Frequently Asked Question. We have listed here the question paired with
the appropriate answer. If you don't find the answer to your question, please visit
our customer support page or email support@HiWAAY.net.
Old FAQs - We've kept these older FAQs in the archive just in case someone needs the information. These archived FAQs are no longer maintained and will certainly be out-of-date and contain errors.
Question: How do I protect my computer from the new Mimail worms? (W32.Mimail.C@mm, Mimail.D, Mimail.E, Mimail.F, Mimail.G and Mimail.H)
The Mimail worm has reappeared in several new variations. They are W32.Mimail.C@mm, W32.Mimail.D@mm, W32.Mimail.E@mm (also known as W32.Mimail.F@mm and W32.Mimail.G@mm) and W32.Mimail.H@mm. All are very similar and spread through email. The infected emails are usually the same and include an attached .zip file. The attached file is the worm. Opening the file will infect your computer.
Mimail scans the infected system for email addresses in all readable files and then spreads by sending email through its own built-in mail server to each of the addresses it found.
Mimail is consistent in the email it spews. (It's so consistent that HiWAAY's spam blocking services are trapping most of these coming into protected accounts.)
In all cases, the subject lines will either read:
Re: our private photos [random letters]
don't be late! [random letters]
The domains used in the From and Reply-To addresses will usually be the same as the domain of the address the infected email was sent to. For example: a Mimail-infected message sent to email@example.com will appear to have been sent from firstname.lastname@example.org (for Mimail.C) or email@example.com (for Mimail.D, E, F, G and H).
The attachments will either be named photos.zip
have discovered that Mimail uses infected computers to conduct DDoS (Distributed Denial of Service) attacks against a number of domains including:
The Mimail C variant email looks like this:
Subject: Re: our private photos [random letters]
Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
The Mimail.D, E, F, G and H variant email looks like this:
More detailed information can be found at:
Subject: don't be late! [random letters]
Will meet tonight as we agreed, because on Wednesday I don't think I'll make it,
so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.
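The consistency described above is what makes these messages easy to trap at the mail server. The following is an added example, not HiWAAY's filter or code from the original page: a minimal Python check that flags a message only when it has one of the two subject lines listed above and carries a .zip attachment. The sample messages, addresses, the `sample.zip` name and the assumed shape of the "[random letters]" suffix are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# The two subject lines listed above. The "[random letters]" suffix is
# modelled as an optional run of letters (an assumption about its shape).
SUBJECT_RE = re.compile(
    r"^\s*(re: our private photos|don't be late!)(\s+[a-z]+)?\s*$",
    re.IGNORECASE,
)

def zip_attachments(msg):
    """Return the filenames of every .zip attachment in a parsed message."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            names.append(name)
    return names

def looks_like_mimail(raw):
    """Flag a raw message only when both traits match: subject and .zip."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    return bool(SUBJECT_RE.match(subject)) and bool(zip_attachments(msg))

def build_sample(subject, filename=None):
    """Build a constructed test message (harmless bytes, not a worm sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed body text")
    if filename:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="zip", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    samples = [
        build_sample("Re: our private photos qzkxwv", "photos.zip"),
        build_sample("don't be late! hjtrbn", "sample.zip"),
        build_sample("don't be late! hjtrbn"),           # no attachment
        build_sample("Lunch on Friday?", "photos.zip"),  # unrelated subject
    ]
    for raw in samples:
        subject = message_from_string(raw)["Subject"]
        print(looks_like_mimail(raw), subject)
```

Requiring both traits keeps an ordinary reply with a matching subject, or an unrelated message with a .zip file, from being flagged on one signal alone.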
Protection of Windows-based systems is easy. (Non-Windows-based computers are not affected.)
- Make certain your anti-virus software is up to date.
- Run a personal firewall like ZoneAlarm.
- If you are using Microsoft Internet Explorer/Outlook Express, go to Windows Update and upgrade to the latest version.
- Of course, it always bears repeating, don't open attachments!
Once Mimail infects a computer, it makes changes to the Windows registry, making it difficult to remove the worm manually. Fortunately, Symantec has released an automated removal tool to simplify the task of cleaning an infected computer. The tool can clean off all the new variants as well as the original W32.Mimail.A@mm.
If your computer is infected with Mimail you should immediately download and run the Symantec Mimail removal tool from:
You should also install up-to-date antivirus software and use it to scan your system.
Anti-Virus Software Update Sites:
We've included links below to some of the more popular anti-virus program update sites.
New definitions are released constantly. Please check with your antivirus vendor for the latest files.
HiWAAY does not warrant that any of the tools and patches listed above will protect or repair an infected computer, nor can we offer support on the complex task of manually removing worms and verifying system integrity.