My son is a computer tech and I asked him about the virus. This is what he
sent to me. Hope this is helpful.

Cheryl Bolton Van Winkle
Portrait Cavaliers
www.pets4you.com/pages/portrait.html
www.nopuppymills.com
www.ackcsc.org
www.ckcsc.org

 Additional information:
W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several
different file names. This worm also creates a DLL in the \Windows\System
directory as Kdll.dll. It uses functions from this DLL to log keystrokes.

This worm arrives as an email with one of several attachment names and a
combination of two appended extensions.

The list of possible file names is:
HUMOR
DOCS
S3MSONG
ME_NUDE
CARD
SEARCHURL
YOU_ARE_FAT!
NEWS_DOC
IMAGES
PICS
info
Sorry_about_yesterday
SETUP
stuff
HAMSTER
New_Napster_Site
README

The first extension that is appended to the file name is one of the
following:
.DOC
.MP3
.ZIP

The second extension that is appended to the file name is one of the
following:
.pif
.scr

The resulting file name would look something like this:
CARD.DOC.PIF
NEWS_DOC.MP3.SCR
etc.

When executed, this worm copies itself as kernel32.exe in the
"\windows\system" directory. It then adds the following registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe


Prevention methods:
1. Corporate email filtering systems should block all emails that have
attachments with the extensions .scr and .pif.
2. Users should not open any emails with an attachment that matches the
names listed above. Any email that has such an attachment should be
deleted.
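
Added example (not part of the original message): a mail-filter check in Python that applies the two prevention rules above to attachment names. The function names, verdict labels and the sample message are constructed for illustration; the name and extension lists are the ones given in the advisory.

```python
from email import message_from_string

# Name and extension lists copied from the advisory text above.
BASE_NAMES = {"HUMOR", "DOCS", "S3MSONG", "ME_NUDE", "CARD", "SEARCHURL",
              "YOU_ARE_FAT!", "NEWS_DOC", "IMAGES", "PICS", "INFO",
              "SORRY_ABOUT_YESTERDAY", "SETUP", "STUFF", "HAMSTER",
              "NEW_NAPSTER_SITE", "README"}
FIRST_EXT = {"DOC", "MP3", "ZIP"}
SECOND_EXT = {"PIF", "SCR"}

def classify(filename):
    """Return 'badtrans-pattern', 'blocked-extension' or 'ok' for one name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").upper().split(".")
    if len(parts) < 2 or parts[-1] not in SECOND_EXT:
        return "ok"
    base = ".".join(parts[:-2])
    if len(parts) >= 3 and parts[-2] in FIRST_EXT and base in BASE_NAMES:
        return "badtrans-pattern"      # rule 2: listed name + double extension
    return "blocked-extension"         # rule 1: any .pif/.scr attachment

def scan_message(raw):
    """Return (filename, verdict) for every named MIME part in a raw message."""
    msg = message_from_string(raw)
    return [(part.get_filename(), classify(part.get_filename()))
            for part in msg.walk() if part.get_filename()]

# Constructed sample message: one suspicious attachment, one ordinary one.
SAMPLE = """\
From: sender@example.com
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="news_doc.MP3.scr"

(constructed placeholder body)
--b1
Content-Disposition: attachment; filename="minutes.doc"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict:18} {name}")
```

The comparison is case-insensitive because the advisory lists the names and extensions in mixed case.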

All e-mail sent through CKCS-L is Copyright 1999 by its original author.