Aliases: Win32:Alcaul, Win32.HLLW.Alcaul.A, Win32/Alcaul.AU, Worm:Win32/Alcaul, WORM_ALCAUL.AU
Variants: Trojan.Alcaul, W32/Alcop-G, W32/Malware!b41a, Worm/Archmime.C

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 17 Sep 2002
Damage: Low

Characteristics: According to some computer security experts, the W32.Archimime virus is capable of inserting its codes into email messages that are stored in the computer user's account. For computer systems in network environments or with multiple user accounts, the virus may spread its infection to other network clients or user accounts.

More details about W32.Archimime

An infection that is triggered by this malware usually begins with the extraction of the Mime.exe file into the local hard drive. This file serves as the main executable file of the W32.Archimime virus which is stored in the root directory. Execution of this virus allows it to scan for the presence of email files which normally make use of the EML file extension. Every EML file format found by the W32.Archimime program is modified to incorporate the base64 encoded commands of the Mime.exe file. The successful completion of this process creates the Clikme.exe file which is used as the file attachment for the spiked email messages associated with this malware. When the W32.Archimime program completes its payload delivery routine, every file using the EML file extension will have the Clikme.exe file attachment. The result is that the unwary computer user may accidentally forward the corrupted email message to other computer users causing the virus to spread to other computer networks.

Previous instances of infections from this malware failed to disclose whether this threat was written with its own SMTP engine allowing it to send email messages without launching the default email client of the infected computer system. Since the payload delivery and propagation routines of the W32.Archimime program were designed to remain complicated and hard to recognize, its manual removal is rarely recommended by computer security providers. The most common way of removing an infection from this computer virus is the use of a reliable antivirus application that is equipped with an updated database and engine.