[pyrnet] I just received this RE: Virus
> Subject: Trojan Virus.. NOT A HOAX
>
> I have scanned my computer using
> http://housecall.antivirus.com/housecall/start_corp.asp#top
> and have come up with the virus below. As I use Microsoft
> Outlook for all my list mail.. it might have come through on one
> of the lists. I suggest you run the web site listed above and
> look into your machine. I have to go through and crash out my
> machine to delete this virus. If you have it I suggest making a
> back up of all your files you want to save as this virus infects
> mostly system files and you cannot delete system files.
>
> WORM_BADTRANS.A
> Risk rating:
> Virus type: Worm
> Destructive: No
>
> Aliases:
> BADTRANS, BADTRANS.A, W32.Badtrans.13312@mm, I-WORM.BADTRANS
>
> Description:
> This memory-resident Internet Worm propagates via email clients
> that use Windows sockets, such as Microsoft Outlook and Outlook
> Express. It replies to all unread email messages with itself as
> an attachment. The email sent by the worm has the same subject
> header and message body as the original email. The name of the
> sender will be the name of the user who is currently logged on to
> the infected computer. This Worm also modifies WIN.INI so that it
> is executed at the next re-boot.
>
> Solution:
>
>
> 1. Click Start>Run, type REGEDIT.EXE then press the Enter key.
> 2. Press F3 to bring up the search window.
> 3. In the "Find What" text box, type the following then hit
> the Enter key:
> KERN32.EXE
> 4. If the "KERN32.EXE" entry is found, check if the status bar
> at the bottom of the Regedit window reads as follows:
> My Computer\HKEY_LOCAL_MACHINE\Software\
> Microsoft\Windows\CurrentVersion\RunOnce
> 5. Right click the highlighted KERNEL32 key and then delete it.
> 6. Close the Regedit window.
> 7. Click Start>Run, type SYSEDIT then hit the Enter key to
> open the System Editor window.
> 8. In the System Editor window, click the WIN.INI window.
> 9. In the WIN.INI window, look for and then delete the entry
> as follows:
> "C:\WINDOWS\INETD.EXE"
> 10. Save the changes and close the System Editor.
> 11. Scan your system with Trend Micro antivirus and delete all
> files detected as WORM_BADTRANS.A. To do this, Trend Micro
> customers must download the latest pattern file and scan their
> system. Other email users may use HouseCall, Trend Micro's free
> online virus scanner.
> Trend Micro offers best-of-breed antivirus and content-security
> solutions for your corporate network or home PC.
>
> Technical details...
>
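
An added example, not part of the forwarded message or of Trend Micro's advisory: an offline check for the two startup entries that removal steps 1 to 9 look for, run against a copy of WIN.INI and a Regedit text export. The sample file contents, the `kernel32` value name, and the assumption that the WIN.INI entry sits on a `run=` or `load=` line of the `[windows]` section are constructed for illustration.

```python
import re

# Indicator names come from the advisory quoted above; everything else is constructed.
INDICATORS = ("KERN32.EXE", "INETD.EXE")
RUNONCE = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"

def scan_win_ini(text):
    """Return (key, program) for [windows] run=/load= entries naming an indicator."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in ("run", "load"):
                # Several programs may be listed; paths with spaces are not handled.
                for prog in re.split(r"[,\s]+", value):
                    if prog.strip('"').upper().endswith(INDICATORS):
                        hits.append((key.lower(), prog.strip('"')))
    return hits

def scan_reg_export(text):
    """Return (value name, data) for RunOnce values in a Regedit export naming an indicator."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]*)"="(.*)"$', line)
        if m and key and key.lower() == RUNONCE.lower():
            data = m.group(2).replace("\\\\", "\\")  # .reg files double backslashes
            if any(name in data.upper() for name in INDICATORS):
                hits.append((m.group(1), data))
    return hits

# Constructed sample inputs (not taken from a real infected machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\INETD.EXE
NullPort=None
"""
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"kernel32"="kern32.exe"
"""

if __name__ == "__main__":
    print(scan_win_ini(SAMPLE_WIN_INI), scan_reg_export(SAMPLE_REG))
```

An empty result from both functions means neither startup entry named in the advisory is present in the files checked; it says nothing about other copies of the worm on disk, which step 11's scan covers.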