RemedySpot.com

OT-Please add to the virus info

Guest guest

DRAFT OF A STANDARD REPLY TO AN INFECTED FRIEND... (Please add any other sites you know of to the list that you see below. THANKS!)

***************************************************

It seems that you have a virus. I am so sorry to have to tell you that. You may already know it, but I would hate to not tell you, if you haven't found out yet.

This one is really nasty. I am told that it is able to infect without the attachment being opened. The reason it is able to infect this way is supposed to be due to the use of HTML formatted email. Most email programs will accept and interpret HTML code. Apparently this virus is contained somewhere in that code, so that when the email program interprets it, the virus is activated.

Here are some links that have been sent to the various lists that I am on. I have not checked any of these sites myself, because my Norton's has caught all the infected messages for me.

BTW... I have my Norton's set to automatically check for updates every time I log on to the Internet, so my virus definitions stay totally current. AND, I have chosen the option to have my email filtered through the Symantec servers before it gets to me. You might want to look into this service.

Here are the sites:

W32.Badtrans.B@mm

W32.Badtrans.B@mm is a MAPI worm that emails itself out as a file with one of several different names. This worm also creates a .dll in the \Windows\System directory as Kdll.dll. It uses functions from this .dll to log keystrokes. Virus definitions dated November 24, 2001 will detect this worm. For additional information, point your Web browser to:

http://www.symantec.com/techsupp/vURL.cgi/nav108

http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

http://securityresponse.symantec.com/avcenter/venc/data/w32.plage.worm.html

http://antivirus.about.com/library/weekly/aa112401a.htm

Other info:

>>>>

....using a mail washing program. I won't get too detailed but basically, this program checks your mail on the server, and allows you to delete e-mails directly off the server *and* bonus, bounce spammers so that your e-mail appears to be completely not valid. Obviously, you'll want to still have your anti-virus program always running but the mail washing program is another line of defense.

The mail washer program we use is free but does have ads. We have paid the $20 to get the ads taken away and it is well worth the extra money.

The URL is http://www.mailwasher.net and I would recommend the program to anyone who gets e-mail. It's intuitive to use and makes going through the e-mail every day much easier - and (possibly) saves you from known viruses.

>>>>

This information comes from http://www.centralcommand.com/

You can also scan your pc online free at their site.

Virus Warning: I-Worm.Badtrans.B

The worm arrives in the following e-mail format:

Attachment line: A randomly selected message...

The first extension selected will be either: *.doc or *.zip or *.MP3

Second extension selected will be either: *.scr or *.pif

These are a couple of examples of possible chosen subject lines:

Me_nude.zip.scr

README.MP3.pif

stuff.zip.pif

Body: (Blank)

If executed, the worm copies itself in the \windows\%system% directory under the filename "kernel32.exe". So that it gets run each time a user restarts their computer the following registry key gets added:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32 = "kernel32.exe"

Removal:

Step 1.) Run a deep scan of your PC and delete any files identified as being infected with I-Worm.Badtrans.B

Step 2.) Delete the created registry key listed above

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.

Copyright © 2000, 2001 Central Command Inc. All rights reserved.

>>>>
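
The attachment naming pattern in the Central Command advisory above (a first extension of .doc, .zip or .MP3 followed by a second of .scr or .pif) can be checked mechanically when sweeping a mailbox. The following Python is an added example, not part of the original post or of any vendor's tooling; the function name `suspicious_attachments` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Extension sets exactly as listed in the advisory quoted above.
FIRST_EXT = ("doc", "zip", "mp3")
SECOND_EXT = ("scr", "pif")
DOUBLE_EXT = re.compile(
    r"\.(?:%s)\.(?:%s)$" % ("|".join(FIRST_EXT), "|".join(SECOND_EXT)),
    re.IGNORECASE,
)

def suspicious_attachments(msg):
    """Return attachment filenames ending in <first ext>.<second ext>."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition or Content-Type name
        if name and DOUBLE_EXT.search(name.strip()):
            hits.append(name.strip())
    return hits

# Constructed sample message (not a real capture): one benign and one
# matching attachment, with a blank body as the advisory describes.
SAMPLE = """\
From: friend@example.com
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain


--b1
Content-Type: application/msword; name="notes.doc"
Content-Disposition: attachment; filename="notes.doc"

AAAA
--b1
Content-Type: application/octet-stream; name="README.MP3.pif"
Content-Disposition: attachment; filename="README.MP3.pif"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name in suspicious_attachments(message_from_string(SAMPLE)):
        print("quarantine candidate:", name)
```

The match is anchored to the end of the filename, so an ordinary single-extension attachment such as `notes.doc` is not flagged.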
