DRAFT OF A STANDARD REPLY TO AN INFECTED FRIEND... (Please add
any other sites you know of to the list that you see below. THANKS!)
***************************************************
It seems that you have a virus. I am so sorry to have to tell you
that. You may already know it, but I would hate to not tell you, if
you haven't found out yet.
This one is really nasty. I am told that it is able to infect without
the attachment being opened. The reason it is able to infect this way
is supposed to be due to the use of HTML formatted email. Most email
programs will accept and interpret HTML code. Apparently this virus is
contained somewhere in that code, so that when the email program
interprets it, the virus is activated.
Here are some links that have been sent to the various lists that I am
on. I have not checked any of these sites myself, because my Norton's
has caught all the infected messages for me.
BTW... I have my Norton's set to automatically check for updates
every time I log on to the Internet, so my virus definitions stay
totally current. AND, I have chosen the option to have my email
filtered through the Symantec servers before it gets to me. You might
want to look into this service.
Here are the sites:
W32.Badtrans.B@mm
W32.Badtrans.B@mm is a MAPI worm that emails itself out as a file
with one of several different names. This worm also creates a .dll in
the \Windows\System directory as Kdll.dll. It uses functions from
this .dll to log keystrokes. Virus definitions dated November 24,
2001 will detect this worm. For additional information, point your
Web browser to:
http://www.symantec.com/techsupp/vURL.cgi/nav108
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
http://securityresponse.symantec.com/avcenter/venc/data/w32.plage.worm.html
http://antivirus.about.com/library/weekly/aa112401a.htm
Other info:
...using a mail washing program. I won't get too detailed but basically,
this program checks your mail on the server, and allows you to delete
e-mails directly off the server *and* bonus, bounce spammers so that your
e-mail appears to be completely not valid. Obviously, you'll want to still
have your anti-virus program always running but the mail washing program
is another line of defense.
The mail washer program we use is free but does have ads. We have paid the
$20 to get the ads taken away and it is well worth the extra money. The URL
is http://www.mailwasher.net and I would recommend the program to anyone
who gets e-mail. It's intuitive to use and makes going through the e-mail
every day much easier - and (possibly) saves you from known viruses.
This information comes from http://www.centralcommand.com/
You can also scan your pc online free at their site.
Virus Warning: I-Worm.Badtrans.B
The worm arrives in the following e-mail format:
Attachment line: A randomly selected message...
The first extension selected will be either: *.doc or *.zip or *.MP3
Second extension selected will be either: *.scr or *.pif
These are a couple examples of possible chosen subject lines:
Me_nude.zip.scr
README.MP3.pif
stuff.zip.pif
Body: (Blank)
If executed, the worm copies itself in the \windows\%system%
directory under the filename "kernel32.exe". So that it gets run
each time a user restarts their computer, the following registry key
gets added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32 ="kernel32.exe"
Removal:
Step 1.) Run a deep scan of your PC and delete any files identified
as being infected with I-Worm.Badtrans.B
Step 2.) Delete the created registry key listed above
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.
Copyright (C) 2000, 2001 Central Command Inc. All rights reserved.
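
Added example (not part of the original message or the Central Command advisory): a Python check that flags attachments named the way the advisory describes, a decoy extension (.doc, .zip, .MP3) followed by .scr or .pif. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists taken from the advisory text above.
DECOY_EXTS = {"doc", "zip", "mp3"}
EXEC_EXTS = {"scr", "pif"}


def is_badtrans_style_name(filename):
    """True if the name ends in <decoy>.<executable>, e.g. README.MP3.pif."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-2] in DECOY_EXTS and parts[-1] in EXEC_EXTS


def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw message that match the pattern."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_badtrans_style_name(name):
            hits.append(name)
    return hits


def build_sample(filenames):
    """Constructed test message: blank body, harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Re:"
    msg.set_content("")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["README.MP3.pif", "minutes.doc", "stuff.zip.pif"])
    print(suspicious_attachments(sample))
```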