
[pyrnet] I just received this RE: Virus



> Subject: Trojan Virus.. NOT A HOAX
> 
> I have scanned my computer using 
> http://housecall.antivirus.com/housecall/start_corp.asp#top
> and have come up with the virus below.  As I use Microsoft 
> Outlook for all my list mail, it might have come through on one 
> of the lists.  I suggest you run the web site listed above and 
> look into your machine.  I have to go through and crash out my 
> machine to delete this virus.  If you have it I suggest making a 
> backup of all your files you want to save as this virus infects 
> mostly system files and you cannot delete system files.
> 
> WORM_BADTRANS.A
>      Risk rating:
>      Virus type:   Worm
>      Destructive:   No
>
> Aliases:
> BADTRANS, BADTRANS.A, W32.Badtrans.13312@mm, I-WORM.BADTRANS 
> 
> Description:
> This memory-resident Internet Worm propagates via email clients 
> that use Windows sockets, such as Microsoft Outlook and Outlook 
> Express. It replies to all unread email messages with itself as 
> an attachment. The email sent by the worm has the same subject 
> header and message body as the original email. The name of the 
> sender will be the name of the user who is currently logged on to 
> the infected computer. This Worm also modifies WIN.INI so that it 
> is executed at the next re-boot. 
> 
> Solution:
> 
> 
>   1. Click Start>Run, type REGEDIT.EXE then press the Enter key.
>   2. Press F3 to bring up the search window.
>   3. In the "Find What" text box, type the following then hit
>      the Enter key:
>      KERN32.EXE
>   4. If the "KERN32.EXE" entry is found, check if the status bar
>      at the bottom of the Regedit window reads as follows:
>      My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
>   5. Right click the highlighted KERNEL32 key and then delete it.
>   6. Close the Regedit window.
>   7. Click Start>Run, type SYSEDIT then hit the Enter key to
>      open the System Editor window.
>   8. In the System Editor window, click the WIN.INI window.
>   9. In the WIN.INI window, look for and then delete the entry
>      as follows:
>      "C:\WINDOWS\INETD.EXE"
>   10. Save the changes and close the System Editor.
>   11. Scan your system with Trend Micro antivirus and delete all
>      files detected as WORM_BADTRANS.A. To do this, Trend Micro
>      customers must download the latest pattern file and scan their
>      system. Other email users may use HouseCall, Trend Micro's free
>      online virus scanner.
> Trend Micro offers best-of-breed antivirus and content-security 
> solutions for your corporate network or home PC. 
> 
> Technical details... 
>
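
The two persistence checks in the removal steps above (the RunOnce entry for KERN32.EXE and the WIN.INI entry for C:\WINDOWS\INETD.EXE), written as a scripted check. This is an added example, not part of the forwarded message or of Trend Micro's advisory. It assumes the WIN.INI entry sits on a `load=` or `run=` line of the `[windows]` section, and the sample WIN.INI text and RunOnce value names are constructed.

```python
import re

# Indicators named in the forwarded advisory above.
WININI_TARGET = r"C:\WINDOWS\INETD.EXE"
RUNONCE_TARGET = "KERN32.EXE"

# Constructed sample WIN.INI text (not from a real machine).
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\INETD.EXE
NullPort=None

[Desktop]
Wallpaper=(None)
"""

# Constructed RunOnce values (name -> command); the names are hypothetical.
SAMPLE_RUNONCE = {"kernel32": "kern32.exe", "Setup": "C:\\WINDOWS\\setup.exe /r"}

def scan_win_ini(text):
    """Return (line_no, key, program) for load=/run= entries in [windows] naming INETD.EXE."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in ("load", "run"):
            # Several programs may share one line, separated by spaces or commas.
            for prog in re.split(r"[ ,]+", value.strip()):
                if prog.strip('"').upper() == WININI_TARGET.upper():
                    hits.append((no, key, prog))
    return hits

def scan_runonce(values):
    """Return the names of RunOnce values whose command references KERN32.EXE."""
    return [name for name, cmd in values.items() if RUNONCE_TARGET in cmd.upper()]

if __name__ == "__main__":
    for no, key, prog in scan_win_ini(SAMPLE_WIN_INI):
        print(f"WIN.INI line {no}: {key}= starts {prog}")
    for name in scan_runonce(SAMPLE_RUNONCE):
        print(f"RunOnce value to review: {name}")
```

On a live system the WIN.INI text would be read from the Windows directory and the RunOnce values exported from the registry; the matching is case-insensitive because Windows paths are.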