I got an email from Andy with a virus...
- Thread starter Burke
- Start date
edmoses
Usual Suspect
- Joined
- Apr 28, 2000
- Messages
- 1,095
What you guys only got one virus each? That will teach me to talk to Andy from both my e-mail addresses.
On a serious note - anybody that has exchanged email with Andy and who has recived an email in the past 24 hours - you are proberbly infected, if your AV software did not get it.
I would just take a Hawk to your PC now.....
Regards,
Ed
On a serious note - anybody that has exchanged email with Andy and who has recived an email in the past 24 hours - you are proberbly infected, if your AV software did not get it.
I would just take a Hawk to your PC now.....
Regards,
Ed
- Joined
- Dec 23, 2000
- Messages
- 786
Got it myslef, no problems though cause it did look strange with 3 file extensions and the last one being a .pif. Hope Andy's hard-drive isn't completely hosed.
Stay Safe,
Clyde
Stay Safe,
Clyde
Bobby Branton
Moderator
- Joined
- Dec 12, 1998
- Messages
- 2,966
I just got off of the phone with Andy and he is in full Battle mode trying to get things cleaned up. He said to tell everyone that he is sorry and is trying to get his computer cleaned up as soon as possible. I just got an email from Ryan Johnson that looks strange , so if any of you are dealing with him be careful. I'm going to call him in a minute to see if he is ok.
Bobby
Bobby
- Joined
- Dec 29, 1999
- Messages
- 932
Got one too!!!!
I hope I deleted it in time!!!
I hope I deleted it in time!!!
- Joined
- Jul 2, 1999
- Messages
- 1,347
ARRGGHHH!
I guess I am the only DUMMY that downloaded it. When I tried to open it it dissapeared. I ran norton virus scan and it did not find any viruses. I searched my files and folders for it also and could not find it anymore. What is gonna happen to my pc? Does anyone know what I can do or what is gonna happen to my pc??? Any help would be greately appreciated!
I guess I am the only DUMMY that downloaded it. When I tried to open it it dissapeared. I ran norton virus scan and it did not find any viruses. I searched my files and folders for it also and could not find it anymore. What is gonna happen to my pc? Does anyone know what I can do or what is gonna happen to my pc??? Any help would be greately appreciated!
Here's the information from Computer Associates regarding this virus:
"Win32.Badtrans.29020
Virus Alert
Computer Associates International, Inc.
November 25, 2001
Also known as W32.Badtrans.B@mm and W32.Badtrans@MM
Win32.Badtrans.29020 is a worm spreading via e-mail. The worm replies to all unread messages and attaches itself using a name constructed from three parts. The first part is one of the following strings:
fun
Humor
docs
info
Sorry_about_yesterday
Me_nude
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
Pics
The second part is chosesn from the following list:
MP3
ZIP
DOC
The virus adds another extension to the attachment and selects it from two
possible types:
pif
scr
When a user opens the attachment, the worm copies itself to the Windows System directory as:
Kernel32.exe
and modifies the registry in order to execute it at the next reboot:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\RunOnce\Kernel32 = kernel32.exe
Additionally, Win32.Badtrans.29020 worm drops a 5632-bit file KDLL.DLL in the Windows System directory.
Detection for this worm has been added to Computer Associates antivirus solutions. Install the latest relevant update to ensure protection."
Good luck, all.
"Win32.Badtrans.29020
Virus Alert
Computer Associates International, Inc.
November 25, 2001
Also known as W32.Badtrans.B@mm and W32.Badtrans@MM
Win32.Badtrans.29020 is a worm spreading via e-mail. The worm replies to all unread messages and attaches itself using a name constructed from three parts. The first part is one of the following strings:
fun
Humor
docs
info
Sorry_about_yesterday
Me_nude
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
Pics
The second part is chosesn from the following list:
MP3
ZIP
DOC
The virus adds another extension to the attachment and selects it from two
possible types:
pif
scr
When a user opens the attachment, the worm copies itself to the Windows System directory as:
Kernel32.exe
and modifies the registry in order to execute it at the next reboot:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\RunOnce\Kernel32 = kernel32.exe
Additionally, Win32.Badtrans.29020 worm drops a 5632-bit file KDLL.DLL in the Windows System directory.
Detection for this worm has been added to Computer Associates antivirus solutions. Install the latest relevant update to ensure protection."
Good luck, all.
- Joined
- Dec 23, 2000
- Messages
- 786
If it is the WIN32.BADTRANS try the link below to the Mcafee site.
http://vil.mcafee.com/dispVirus.asp?virus_k=99069
Stay Safe,
Clyde
http://vil.mcafee.com/dispVirus.asp?virus_k=99069
Stay Safe,
Clyde
- Joined
- Jul 2, 1999
- Messages
- 1,347
Guys,
Thanks for the info, unfortunately when things get technical I am completely in the dark. I have no idea what to do. Is there something I am supposed to download from that site that will fix my pc? Can someone please give me a walkthrough of what I should do? Thanks a lot.
Thanks for the info, unfortunately when things get technical I am completely in the dark. I have no idea what to do. Is there something I am supposed to download from that site that will fix my pc? Can someone please give me a walkthrough of what I should do? Thanks a lot.
Louis,
First, do not reboot -- that seems to be what activates the virus. Try searching your PC for the following files:
Kernel32.exe
KDLL.DLL
If you find them, you are probably infected. I can't give you detailed instruction of how to proceed, if you are, since we use different anti-virus programs. Go to the Norton Web site & see if you can find information there that will help you eliminate the virus.
If you don't find the files, you may have dodged a bullet -- your AV program may have caught them. Download and install the latest AV update. Good luck! Let us know how you make out.
What makes this virus so insidious is that it actually appears to be a reply to one of your own e-mails, rather than simply an unsolicited e-mail from someone you know. Fhuckers!
First, do not reboot -- that seems to be what activates the virus. Try searching your PC for the following files:
Kernel32.exe
KDLL.DLL
If you find them, you are probably infected. I can't give you detailed instruction of how to proceed, if you are, since we use different anti-virus programs. Go to the Norton Web site & see if you can find information there that will help you eliminate the virus.
If you don't find the files, you may have dodged a bullet -- your AV program may have caught them. Download and install the latest AV update. Good luck! Let us know how you make out.
What makes this virus so insidious is that it actually appears to be a reply to one of your own e-mails, rather than simply an unsolicited e-mail from someone you know. Fhuckers!
- Joined
- May 5, 2001
- Messages
- 919
I've been getting several yesterday and today. I accidentally downloaded as well and they disappeared when trying to retrieve. They looked like legitimate emails from people that I've corresponded with. My Anti-Virus thing may have knocked it out.
What's the deal and how can I find the person responsible? What's this virus trying to achieve? I get nuts when someone trys to "f" around with me. I think that it all started when I got cut from my summer camp traveling softball team.
What's the deal and how can I find the person responsible? What's this virus trying to achieve? I get nuts when someone trys to "f" around with me. I think that it all started when I got cut from my summer camp traveling softball team.
AnklePocket, who knows what this crap is? It's probably a pimply 13-year old boy in Hong Kong with no girlfriend and too much free time. You'll never find out who it is. I agree with your sentiments, though; viruses can be incredibly destructive, and there's nothing amusing about them.
BTW, sorry you got cut from the softball team. I used to get picked second-to-last for basketball.
BTW, sorry you got cut from the softball team. I used to get picked second-to-last for basketball.
edmoses
Usual Suspect
- Joined
- Apr 28, 2000
- Messages
- 1,095
Brian C,
Kernel32.exe is a normal important Windows file, I would worry more if I could not find it!! The other file you list is a signature.
Either way do not go onto the Internet without having an up to date Anti Virus program....to do so is just asking for trouble.
Regards,
Ed
Kernel32.exe is a normal important Windows file, I would worry more if I could not find it!! The other file you list is a signature.
Either way do not go onto the Internet without having an up to date Anti Virus program....to do so is just asking for trouble.
Regards,
Ed
- Joined
- Jan 7, 2000
- Messages
- 817
OK,
I got this stupid virus too. Norton's directions for fixing this thing simply suck. They say to run scan on all files, and delete the infected files. Sounds easy... except the files won't delete. If someone figures out how to fix this damn thing, please post or e-mail me instructions. By the way, I am using Win 98.
JR
I got this stupid virus too. Norton's directions for fixing this thing simply suck. They say to run scan on all files, and delete the infected files. Sounds easy... except the files won't delete. If someone figures out how to fix this damn thing, please post or e-mail me instructions. By the way, I am using Win 98.
JR
- Joined
- Aug 1, 1999
- Messages
- 746
I got it and hit it. That's when I realized something was wrong.
My firewall prevented me from spreading it.
It is the W32/Badtrans@MM virus like you read in previous posts.
My McAfee on-line scan located it and gave me instuctions on how to get rid of it. You have to restart your machine in DOS. I had to use a re-boot disk that took me to DOS on Drive A. Then I simply CD to C: and CD to C:WINDOWS/SYSTEM and used DIR/P until I located the KERNEL32.EXE file and the KDLL.DLL file. I deleted both of them in DOS and reran my Virus scan twice and came up clean.
This worm is all over the place. I have a friend that got it sent to her eight times yesterday. Lucky thing I had this firewall or I would had sent it out myself. We just have to watch each other's back.
I also have a 000000@000000 e-mail address in my address book. This is supposed to stop some viruses from spreading by coming up with an error in the first address in your address book. If that does work, I haven't found out yet. I keep anti-virus running and update all the time.
Andy, if I can help just let me know.
Melvin
My firewall prevented me from spreading it.
It is the W32/Badtrans@MM virus like you read in previous posts.
My McAfee on-line scan located it and gave me instuctions on how to get rid of it. You have to restart your machine in DOS. I had to use a re-boot disk that took me to DOS on Drive A. Then I simply CD to C: and CD to C:WINDOWS/SYSTEM and used DIR/P until I located the KERNEL32.EXE file and the KDLL.DLL file. I deleted both of them in DOS and reran my Virus scan twice and came up clean.
This worm is all over the place. I have a friend that got it sent to her eight times yesterday. Lucky thing I had this firewall or I would had sent it out myself. We just have to watch each other's back.
I also have a 000000@000000 e-mail address in my address book. This is supposed to stop some viruses from spreading by coming up with an error in the first address in your address book. If that does work, I haven't found out yet. I keep anti-virus running and update all the time.
Andy, if I can help just let me know.
Melvin
Ed, computers are like cars for me -- I can drive them very well, but you really don't want me as your mechanic.
I was simply quoting the information from Computer Associates about the files that are created. As to the Kernel32.exe file, I just checked two of my PCs (Windows 95) & I don't have the file on either. Should I be worried?