
worm/ eradication


Dear Alice,

I believe I have cleared my system of the worm/virus. At any rate these

things only send themselves to individuals in the afflicted address book.

Lists are well protected as they don't accept attachments and the

'infection' is in the attachment.

I have corresponded offlist with very few here (fa is one) And of

those few have sent warnings to all, I believe.

I will append the information from a computer expert of the Work Haiku

Club just in case.

Sorry for any inconvenience this has caused anyone. It was sent me

(unknowingly, I'm sure) by a dear cousin.

Thank you for your concern, Alice, and blessings on all.

Subject Heading: If you received a 'no word' message with attachment from me

DELETE IT

November 25, 2001

Re: A new Computer Worm discovered on November 24, 2001:

W32.Badtrans.B@mm

Dear WHC Members and Poetry Friends,

Please be aware that there is new virus/Worm which was discovered

yesterday. Just moments ago, I received an infected e-mail, but Norton

Anti-virus safely quarantined it and it was disposed of immediately.

If you do not have an anti-virus program, you will not know you've

received an infected e-mail. The infected e-mail may come from somebody

you know. The one I received came from another poet, who I am sure has

no knowledge of the infection. I have e-mailed that person with the

information from Symantec, which I also copy for you, below. I have also

included the URL to the information page on Symantec.com for that

particular worm. If you have not "bookmarked" Symantec.com or another

good anti-viral software's company's information/fixes website, you need

to do so.

While the distribution of the worm is high, it appears to be a very

destructive worm, however it compromises the security settings of your

computer.

Sincerely,

Development Advisor, World Haiku Club

http://www.worldhaikuclub.org

___________

http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html

W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of

several different file names. This worm also drops a backdoor trojan

that logs keystrokes.

Type: Worm

Virus Definitions: November 24, 2001

Threat Assessment:

Wild: Medium

Damage: Low

Distribution: High

Wild:

Number of infections: 50 - 999

Number of sites: 3 - 9

Geographical distribution: Medium

Threat containment: Easy

Removal: Easy

Damage:

Payload:

Large scale e-mailing: Sends email from addresses found in the default

MAPI program.

Compromises security settings: Installs keystroke logging Trojan.

Technical description:

This worm arrives as an email with one of several attachment names and a

combination of two appended extensions.

The list of possible file names is:

HUMOR

DOCS

S3MSONG

ME_NUDE

CARD

SEARCHURL

YOU_ARE_FAT!

NEWS_DOC

IMAGES

PICS

The first extension that is appended to the file name is one of the

following:

.DOC

.MP3

.ZIP

The second extension that is appended to the file name is one of the

following:

.pif

.scr

The resulting file name would look something like this:

CARD.DOC.PIF

NEWS_DOC.MP3.SCR

etc.

When executed, this worm copies itself as kernel32.exe in the

"\windows\system" directory. It then adds the following registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe.

Prevention methods:

1. Corporate email filtering systems should block all email that have

attachments with the extensions .scr and .pif.

2. Users should not open any emails with an attachment that matches the

names listed above. Any email that has such an attachment should be

deleted.

Removal instructions:

1. Run LiveUpdate to make sure that you have the most recent virus

definitions.

2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to

scan all files. For instructions on how to do this, read the document

How to configure Norton AntiVirus to scan all files.

3. Run a full system scan.

4. Delete all files that are detected as W32.Badtrans.B@mm.

5. Remove the registry value listed above.

[jung-l] worm!

> fa tel me here in usa to say that both she n nsmith have computer virus

> worm that sends blank messages to address books. so they will be absent n

> hope u guys have not been affected.

>

> concerned

>

> ao
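The attachment-name rules from the advisory quoted above (block `.pif` and `.scr`, and recognise the double-extension names it lists), as an added example that is not part of the original post or of Symantec's text. The function names, the case-insensitive matching, the trailing-dot handling and the sample message are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".pif", ".scr"}        # advisory, prevention method 1
DECOY_EXT = {".doc", ".mp3", ".zip"}  # advisory's "first extension" list
LISTED_NAMES = {"HUMOR", "DOCS", "S3MSONG", "ME_NUDE", "CARD", "SEARCHURL",
                "YOU_ARE_FAT!", "NEWS_DOC", "IMAGES", "PICS"}

def classify(filename):
    """Return the reasons to block an attachment name (empty list = allow)."""
    # Drop any path prefix, then trailing dots/spaces, which Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ")
    parts = name.split(".")
    reasons = []
    if len(parts) < 2 or "." + parts[-1].lower() not in BLOCKED_EXT:
        return reasons
    reasons.append("blocked-extension")
    if len(parts) >= 3 and "." + parts[-2].lower() in DECOY_EXT:
        reasons.append("double-extension")
        # Case-insensitive name match is an assumption of this example.
        if ".".join(parts[:-2]).upper() in LISTED_NAMES:
            reasons.append("listed-name")
    return reasons

def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.walk():
        fname = part.get_filename()  # also reads Content-Type name=
        reasons = classify(fname) if fname else []
        if reasons:
            hits[fname] = reasons
    return hits

def build_sample():
    """Constructed message with one benign and two blockable attachments."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "member@example.org"
    m["Subject"] = "Re:"
    m.set_content("constructed sample body\n")
    for fn in ("haiku.txt", "CARD.DOC.PIF", "holiday.scr"):
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(name, why)
```

The final extension alone decides whether a file is blocked; the double-extension and listed-name reasons only add context for triage, so a renamed copy with a new base name is still caught.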


> Dear Alice,

> I believe I have cleared my system of the worm/virus. At any

> rate these things only send themselves to individuals in the

> afflicted address book....

I received a message from fa fitting the description of suspect

mail. After deleting it, I discovered my system was unaffected. I'm

wondering if that's because I'm using the Netscape e-mail manager,

rather than MS Outlook, to process my messages. This is not a firm

conclusion... but something you might consider....

> Thank you for your concern, Alice, and blessings on all.

>

Amen, to that!

APMW
