
Exploit-MIME.gen

Type: Virus
SubType: E-mail
Discovery Date: 11/14/2001
Length: Varies
Minimum DAT: 4172 (11/21/2001)
Updated DAT: 4764 (05/17/2006)
Minimum Engine: 5.1.00
Description Added: 12/05/2001
Description Modified: 01/29/2006 8:16 PM (PT)
Risk Assessment:
  Corporate User: Low-Profiled
  Home User: Low-Profiled


Characteristics

-- Update March 11, 2004 --
The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.

-- Update September 20, 2003 --
AVERT has received several submissions of emails that are generically detected as Exploit-MIME.gen.c. On examination, these files were found to be emails sent by W32/Swen@MM, which attempts to use this exploit in some cases. These emails are normally detected as Exploit-MIME.gen.exe. However, if the email has passed through an email-based anti-virus scanner, the attachment will have been removed, leaving an email that contains only the exploit code and no attachment, and this triggers the Exploit-MIME.gen.c detection.

This generic detection covers email message files which exploit the Microsoft Incorrect MIME Header vulnerability. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM.

For more information on this exploit and a patch, visit http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

As this is a generic detection which may cover many different trojans and viruses, it is not possible to specify any further details or symptoms of this threat.

Symptoms

Varies

Method of Infection

Viewing/reading an infected email message causes an executable file to run on your system.

Removal

All Windows Users:
Use current engine and DAT files for detection and removal.

If you have Internet Explorer 5.01 or 5.5, ensure that you have installed the Microsoft Security Bulletin (MS01-020) patch.


Variants


  • Exploit-MIME.gen.c application
  • Exploit-MIME.gen.b


Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Exploit-MIME
  • Exploit-MIME.gen.exe
