Menu
Folks, I had received a couple of messages recently from different sources with
no content and no attachment (apparently deleted by anti-virus software, either
on my machine or the ISP server). Please be aware of this latest virus, and use
caution in opening ANY attachments (for those of you who don't know Sean Murphy,
he has a variety of guitar parts and obscure effects for sale, and is a very
nice guy).
Best regards, Dana Vincent
Sean Murphy wrote:
> Hi.... we just got infected with this worm, and if you got an empty e-mail
> containing an attachment but no note from me or Tania Casselle at our
> address, you may have it too, even if there are no symptoms yet. We're so
> sorry! Do not open such a message, and please delete immediately. They say
> it can spread even if you haven't opened the attachment, so it's imperative
> you update your virus protection immediately.
> The below alert came from our server -- you can visit their home page
> for free anti-virus info or run a search on the web for "free-antivirus". We
> actually received several different e-mails containing this worm. I shut my
> computer down when I saw the attachment come up, and thought I'd prevented
> it from loading on, but it goes underground and hides, then as much as
> several days later goes into your e-mail program -- in our case it seemed to
> go to the inbox (not until 36 hours after it loaded on) and replied to
> addresses in the inbox, or perhaps the outbox too. It definitely was not
> limited to our address book, as we know it went to people who are not in
> there. We're not sure how many got sent out before we managed to stop it...
> it's very insidious, although exactly what damage it causes, if any, is not
> clear. It's certainly a major nuisance however, if nothing else. We
> apologize if this has caused you any problems and wanted to let you know
> ASAP -- because of the lag time you may have a day or two to stop it.
>
> In general, of course, never open attachments unless you are expecting them
> and know exactly what they are. See details below:
>
> Computer Virus/Worm Alert
>
> A new variant of a mass-mailer Internet worm that
> installs a backdoor program that can allow access
> recipients' PCs is spreading on the Internet,
> according to virus alerts from a number of antivirus
> companies. The worm, called Badtrans.B, is a new
> variant of the older Badtrans virus, according to
> antivirus companies. It is spread with email messages
> from Windows systems, not Macintosh systems. It is
> executed when a user opens an infected e-mail, and
> does not require a user to click on an attachment, as
> many mass mailer worms do. The worm exploits a
> security vulnerability in Microsoft Outlook and
> Outlook Express e-mail clients to automatically
> execute the attachment when the e-mail is opened.
>
> The latest Badtrans virus arrives in the recipient's
> in-box with a "Re:" subject line to an e-mail
> actually sent by the user.
>
> What to do?
> UPDATE YOUR ANTI VIRUS SOFTWARE
> THEN SCAN YOUR COMPUTER
>
> If you have the worm, follow the removal instructions
> made available. It has to be fixed, not just found
> and forgotten about. If you are unable to follow the
> instructions, it may be a good idea to ask an
> experienced friend for assistance Do not wait.
>
> Due to our lack of personnel, we cannot provide
> individual assistance to users. You can contact James
> Triche, Mesa Computers at 758-5045 for help at a
> reasonable cost.
>
> The Symantec AntiVirus Research Center (SARC) has info
> and instructions on this at:
>
>
> Trend Micro has made available, in the Trend Micro
> Virus Information Center, instructions to
> remove Badtrans.B in case of infection. For more
> information and removal instructions, visit Trend
> Micro at:
>
> REMEMBER YOU SHOULD ON A REGULAR BASIS:
> 1. Update your virus protection. Symantec (Norton
> Anti-Virus) and McAfee
> have posted updates. If you do not
> have virus protection software on your computer, there
> is a free (for non-commercial use) antivirus program
> at (After updating, it might be a good
> idea to scan your whole system.)
>
> 2. Do a Windows Update on your computer. Go to the
> START button and select Windows Update. This will
> take you to the Microsoft page. Click on the link
> called Product Updates, it will tell you which updates
> you need on your computer.
>
> 3. Vist the La Plaza Computer Virus Alert
> () page on a
> regular basis to learn about any virus/worm. We offer
> a daily updated Virus Alert courtesy of Trend Micro
> Virus. We also provide you with various links to
> learn more about computer viruses and what you can do
> to protect yourself against them.
Two viruses have been making the rounds lately, Badtrans-B and Aliz.
What they do is fire off emails containing clones of themselves to
everyone in your outbox, without your mail program even being turned
on...as long as there's an internet connection available.
If you got it, here's how to get rid of it:
Restart Windows in Safe Mode (reboot your computer, as soon as you
see the text Starting Windows at the botton of the screen, hit the F5
key - F8 on some systems, CTRL on others).
Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
Delete the following files (if they exist):
KERN32.EXE
KERNEL32.EXE
KDLL.DLL
HKSDLL.DLL
Click START | RUN, type REGEDIT and hit ENTER
Now do this right...this is important:
Click the (+) next to HKEY_LOCAL_MACHINE
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS
Click the (+) next to CURRENTVERSION
Click the (+) next to RUNONCE
Click on KERNEL32 and hit DELETE on the keyboard
Restart the computer.
Keep your virus updates up-to-date
Just an FYI, I set up this list to reject all attachments out of
virii concerns. If you really want to send an attachment to the list,
you can upload it to the file area for this group.
