
Forum Archive Index - November 2001

 

Re: [sharechat] Nicks readme file has a virus in it dont open


From: Chris Tse <christse@internet.co.nz>
Date: Tue, 27 Nov 2001 11:18:10 +1300


I'm no expert, but my anti-virus software (Trend Micro's PC-cillin) picked it up and they offer the following info (btw, Will Bryant, I also use Eudora Pro but was still infected by this worm (?)) :

************************************************
WORM_BADTRANS.B
Risk rating:
Virus type: Worm
Destructive: No
Aliases: W32/Badtrans-B, BADTRANS.B, W32/Badtrans@MM, W32.Badtrans.B@mm
Description:
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames.
It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This is also known as Automatic Execution of Embedded MIME type.
Solution:
Delete the %System%\CP_25389.NLS file.
Click Start>Run, type Regedit then hit the Enter key.
Double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunOnce
In the right panel, look for the following registry value:
kernel32
Click the registry value and then Delete it.
Restart your system.
Scan your system with Trend Micro antivirus and delete all files detected as WORM_BADTRANS.B. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
Technical details...

**********************************************
The above info came from this web page :
http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B

Hope this helps,
Chris

At 10:58 AM 27/11/2001, you wrote:
Virus - W32 Badtrans.B@mm
Note this automatically downloaded WITHOUT the ability to CANCEL as soon as clicking on the email - not the attachment!

 
Nortons has been unable to repair or quarantine it.
Can any experts help with what to do now?
 
Can file c/windows/system/kernel32.exe be deleted without stuffing the system? ie. how important is it?
 
Cheers in advance
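
Added example (not part of the original post or of the Trend Micro text quoted in it): a mail-filter style check, in Python, for the double-extension attachment names the description mentions. The extension list, the declared-type mismatch heuristic and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumption: extensions Windows runs directly; the quoted description lists none.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Assumption: declared MIME families that should never carry an executable name.
PASSIVE_TYPES = {"audio", "image", "video", "text"}

def suspicious_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that match the lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before parsing.
        suffixes = PureWindowsPath(name.rstrip(". ").lower()).suffixes
        if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
            continue
        reasons = []
        if len(suffixes) >= 2:
            # e.g. "name.doc.pif": the last extension decides what Windows runs.
            reasons.append("double-extension")
        if part.get_content_maintype() in PASSIVE_TYPES:
            # Declared as passive content but named as an executable.
            reasons.append("type-mismatch")
        if reasons:
            # A lone ".exe" sent as application/* is left to ordinary policy.
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: one lure-style attachment, one harmless one."""
    msg = EmailMessage()
    msg["Subject"] = "Re:"
    msg.set_content("Take a look at the attachment.")
    msg.add_attachment(b"constructed bytes", maintype="audio",
                       subtype="x-wav", filename="README.DOC.pif")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.v2.txt")
    return msg.as_bytes()
```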
