Graham Beal

Looks like my comp has got a virus. Its one of those ones that sends itself from outlook express to everyone in my address book. If any of you get a dodgy mail from me then please delete it asap.

Thanks

Graham

47 NAT

I've been sent a few via the RSOC BB. But in all fairness they probably did'nt know they done it....

Nath

nom

Got that one from you - thanks!
Well, I didn't get it, my AV stuff did instead.

If anyone's 'worried' they might have caught it, it has the catchy name W32/Badtrans@MM and there's some info on it here:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
There's 'how to remove' info in there as well although it doesn't look much fun

mole

I got a mail earlier via webmail, contained an attachment something like new_napster_software.MP3.pif.

Deleted it.

Mole...

MorayMackenzie

Its an interesting way of finding whose address book you've made it into... Thanks for the attachments Mr Beal and several others. Sorry, I just binned them rather than replying.

nom

Yup, look out for something.something.something files - that's the way that they do stuff. Normally .pif at the end, I think! But two dots rather than the usual one means BAD

dingy

W32/Badtrans-B is a worm which uses MAPI to spread. The worm
arrives in an email message with no message text. The attachment
filename is randomly generated from three parts. The first part
is taken from the list:

FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER NEWS_DOC
New_Napster_Site
README
IMAGES
PICS

The second from the list:

.DOC.
.MP3.
.ZIP.

and the last from:

pif
scr

If the attached file is run, it copies itself into the Windows
system directory with the filename KERNEL32.EXE and changes the
registry key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once so that
the worm runs the next time Windows is started. The worm also
drops a file named kdll.dll, which is the password stealing
Trojan Troj/PWS-AV.


Enjoy

GavinP

If anyone's interested, I happened across this program yesterday - full-blown anti-virus suite (including e-mail scanner) as freeware:

http://www.grisoft.com/

I've only had a brief look at it so far but seems pretty good.

Thanks

Gavin

JackClark

Gavin, good detection rates, bit of a pain to look after, techie tool realy.

ChrisB

Aye, somebody kindling sent me BadTrans this morning.

VirusScan killed it off for me.

Chris.

{Cheque to the usual place please Mr Clark )

Graham Beal

I have finally rid my system of that virus. Appologys to all those who got sent it, it wasnt intentional. If anyone is having difficulty removing i then look at

http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html

that shows you how to get rid of it.

Graham

JackClark

I can help over in Non Scooby Related if anyone's in real trouble.

EvilBevel

Hmmmm... just got it in the mail (ta Harj ). Strange this is that upon opening the mail, OE 5.5 immediately asks if you want to run or save the file (without actually clicking on the attachment). First time I see it do that.

Could this be because the message title & body are empty ?

Anyway, it makes this virus a bit more dangerous than others.

Theo

Graham Beal

when I got it this morning it automatically opened itself before I clicked on the attachment. Damn thing!!

lumby

i got it last night i am now getting emials off allsorts of people i have never heard of .

will norton anti virus killl it off??

Spudgun GTR

lumby
i recieved 2 today, both from people ive never heard of. norton weeded 'em out straight away

Mr.Cookie

LOL@Theo

I got it from H too and Skippy and Graham and a few more, looks like it spread a bit

Si

Shark

Got the basta*d tonight. Will post for help if I can't sort it.

Norton AntiVirus does not pick it up unless you have the very latest live update

David

DavidLewis

Got notification of mine yesterday. Came from Andy Ewings. Corporate virus checker got it first

Hel

I had it too. Had to fork out £40 on Norton 2002, did the job though didnt know i had it till too late.
sorry if i passed it on to anyone.
Hel

Lee

This is spreading INCREDIBLY FAST !!!

I checked our mailservers to see how many they've stripped the virus from..JEEZ !!

Make sure you update those definitions !! or use a host who scans your email for viruses

adge

iTrader: (22)

I got it as well, fortunately Norton 2001 got to it first. Just upgraded to Norton after getting the loveletter virus [img]images/smilies/mad.gif[/img]

muddy

I got 2 today, one off my dad (he probably got it off the EVO list) and one from somebody I'd never heard of.

Haven't got any anti virus stuff, but was suspicous with them both because they didn't have any content so deleted both.

I take it that they will only corrupt your computer if you opened the attachments i.e save to disk.


Muddy

Shaun

I have also been infected, but have since been to the doctors and been cleared.........

I must point out though......

THE VIRUS WILL AFFECT YOUR PC, EVEN IF YOU DONT VIEW/DETACH THE ATTACHMENT. ALL IT TAKES IS FOR YOU TO VIEW THE EMAIL CONTENT, EITHER IN THE PREVIEWER OR BY DOUBLE CLICKING ON THE EMAIL TITLE!!!!!!!

Make sure your email previewer is switched off!!!!

Regards,
Shaun.

[Edited by Shaun - 11/27/2001 1:11:28 AM]

jon44w

i got the b45tard as well

emails were from darius and had no subject [img]images/smilies/mad.gif[/img]

hotmail picked it up no problem

john.
www.jon44w.com

Octane Man

I'm glad I'm not the only one, I've received blank emails from a number of Scoobynetters and with an attachment called "Unknown".

I hope we can track the source of this as I've never emailed any of the people I've got Emails from so how can they have my details in their address book ??????

JGRIFF

Yes, I've had it too, it opened automatically yesterday morning. Apologies to all of you that it e-mailed automatically, Moray thanks for the warning!!, I got rid of the thing this morning, unfortunately it's corrupted the operating system which is going to take a little longer to sort out

[Edited by JGRIFF - 11/27/2001 9:09:56 AM]

scooby nutter

Ive just recieved three emails with no subject.
one had three attatchments! deleted all three emails.saved one to disk and checked with norton and no virus was detected in the scan!i should have subscribed for their updates!
One came from a guy off the lancer register.