BadTrans virus alert & fix



[ Follow Ups ] [ Post Followup ] [ California Scuba Diving BBS ] [ FAQ ]

Posted by Ken Kurtis on November 29, 2001 at 17:50:28:

I sent the note below out the other day to our (Reef Seekers) e-mail list and reprint it here for your benenfit. I've actually gotten about 8 or 10 e-mails wit hte virus. The BIG things to watch out for are:

1. It usually starts with an underscore ( _ )
2. It's almost alway sa double file-extension (.mp3.pif)

- Ken
--------------------------
11/27/01

I got this alert (re-printed below) from my mom this morning and wish I'd gotten it a day earlier as I inadvertently infected my home computer with this virus (but my firewall seemingly prevented anything from going out and infecting others).

Anyhow, just thought I'd pass this along. It's more annoying than destructive and the easy way to test for it is to go to "Start/Find/Files"and then type in "kernel32.exe". If you've got that file (not to be confused with "kernel32.dll" which is a legitimate non-virus file), you've probably got the virus. But it's easy to get rid of and if you download the Norton update, it does it automatically. or just go to the website listed below and you can see how to isolate it manually.

The big things to look for are:

1. An e-mail address that begins with an underscore ( _ ).
2. Attachment that ends in a double file extension, usually ".mp3.pif". (Some are ".scr".)

Good luck and I hope this is a false alarm for you, but I've gotten four of these in the last 24 hours.

- Ken
---------------------------------------
(From my mom)

There is a worm that is sent as an attachment to email that is rapidly making its rounds around the Internet. I've gotten many, many emails today with the worm and have deleted the emails without reading them. Many of the email addresses begin with an underscore.

DO NOT DOWNLOAD attachments with the extensions pif or scr.

See "http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html" for information about the w32.badtrans worm. Or see the web site for your own virus software.

This is a password stealing virus. I don't believe that it affects Macintosh computers.



Follow Ups:



Post a Followup

Name:
E-Mail:

Subject:

Comments:


[ Follow Ups ] [ Post Followup ] [ California Scuba Diving BBS ] [ FAQ ]