Looks like my comp has got a virus. Its one of those ones that sends itself from outlook express to everyone in my address book. If any of you get a dodgy mail from me then please delete it asap.

Thanks

Graham

 

I've been sent a few via the RSOC BB. But in all fairness they probably did'nt know they done it....

Nath

 

Got that one from you - thanks!
Well, I didn't get it, my AV stuff did instead.

If anyone's 'worried' they might have caught it, it has the catchy name W32/Badtrans@MM and there's some info on it here:
http://vil.nai.com/vil/virusSummary.asp?virus_k=99069
There's 'how to remove' info in there as well although it doesn't look much fun

 

I got a mail earlier via webmail, contained an attachment something like new_napster_software.MP3.pif.

Deleted it.

Mole...

 

Its an interesting way of finding whose address book you've made it into... Thanks for the attachments Mr Beal and several others. Sorry, I just binned them rather than replying.

 

Yup, look out for something.something.something files - that's the way that they do stuff. Normally .pif at the end, I think! But two dots rather than the usual one means BAD

 

W32/Badtrans-B is a worm which uses MAPI to spread. The worm
arrives in an email message with no message text. The attachment
filename is randomly generated from three parts. The first part
is taken from the list:

FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER NEWS_DOC
New_Napster_Site
README
IMAGES
PICS

The second from the list:

.DOC.
.MP3.
.ZIP.

and the last from:

pif
scr

If the attached file is run, it copies itself into the Windows
system directory with the filename KERNEL32.EXE and changes the
registry key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once so that
the worm runs the next time Windows is started. The worm also
drops a file named kdll.dll, which is the password stealing
Trojan Troj/PWS-AV.


Enjoy

 

If anyone's interested, I happened across this program yesterday - full-blown anti-virus suite (including e-mail scanner) as freeware:

http://www.grisoft.com/

I've only had a brief look at it so far but seems pretty good.

Thanks

Gavin

 

Gavin, good detection rates, bit of a pain to look after, techie tool realy.

 

Aye, somebody kindling sent me BadTrans this morning.

VirusScan killed it off for me.

Chris.

{Cheque to the usual place please Mr Clark )

 

I have finally rid my system of that virus. Appologys to all those who got sent it, it wasnt intentional. If anyone is having difficulty removing i then look at

http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html

that shows you how to get rid of it.

Graham

 

I can help over in Non Scooby Related if anyone's in real trouble.

 

Hmmmm... just got it in the mail (ta Harj ). Strange this is that upon opening the mail, OE 5.5 immediately asks if you want to run or save the file (without actually clicking on the attachment). First time I see it do that.

Could this be because the message title & body are empty ?

Anyway, it makes this virus a bit more dangerous than others.

Theo

 

when I got it this morning it automatically opened itself before I clicked on the attachment. Damn thing!!

 

i got it last night i am now getting emials off allsorts of people i have never heard of .

will norton anti virus killl it off??

 

lumby
i recieved 2 today, both from people ive never heard of. norton weeded 'em out straight away

 

LOL@Theo

I got it from H too and Skippy and Graham and a few more, looks like it spread a bit

Si

 

Got the basta*d tonight. Will post for help if I can't sort it.

Norton AntiVirus does not pick it up unless you have the very latest live update

David

 

Got notification of mine yesterday. Came from Andy Ewings. Corporate virus checker got it first

 

I had it too. Had to fork out £40 on Norton 2002, did the job though didnt know i had it till too late.
sorry if i passed it on to anyone.
Hel

 

This is spreading INCREDIBLY FAST !!!

I checked our mailservers to see how many they've stripped the virus from..JEEZ !!

Make sure you update those definitions !! or use a host who scans your email for viruses

 

I got it as well, fortunately Norton 2001 got to it first. Just upgraded to Norton after getting the loveletter virus [img]images/smilies/mad.gif[/img]

 

I got 2 today, one off my dad (he probably got it off the EVO list) and one from somebody I'd never heard of.

Haven't got any anti virus stuff, but was suspicous with them both because they didn't have any content so deleted both.

I take it that they will only corrupt your computer if you opened the attachments i.e save to disk.


Muddy

 

I have also been infected, but have since been to the doctors and been cleared.........

I must point out though......

THE VIRUS WILL AFFECT YOUR PC, EVEN IF YOU DONT VIEW/DETACH THE ATTACHMENT. ALL IT TAKES IS FOR YOU TO VIEW THE EMAIL CONTENT, EITHER IN THE PREVIEWER OR BY DOUBLE CLICKING ON THE EMAIL TITLE!!!!!!!

Make sure your email previewer is switched off!!!!

Regards,
Shaun.

[Edited by Shaun - 11/27/2001 1:11:28 AM]

 

i got the b45tard as well

emails were from darius and had no subject [img]images/smilies/mad.gif[/img]

hotmail picked it up no problem

john.
www.jon44w.com

 

I'm glad I'm not the only one, I've received blank emails from a number of Scoobynetters and with an attachment called "Unknown".

I hope we can track the source of this as I've never emailed any of the people I've got Emails from so how can they have my details in their address book ??????

 

Yes, I've had it too, it opened automatically yesterday morning. Apologies to all of you that it e-mailed automatically, Moray thanks for the warning!!, I got rid of the thing this morning, unfortunately it's corrupted the operating system which is going to take a little longer to sort out

[Edited by JGRIFF - 11/27/2001 9:09:56 AM]

 

Ive just recieved three emails with no subject.
one had three attatchments! deleted all three emails.saved one to disk and checked with norton and no virus was detected in the scan!i should have subscribed for their updates!
One came from a guy off the lancer register.