Seems like a few people on this list may have become lucky recipients of the badtrans virus, which is doing the rounds at the moment. I thought my computer had been infected with it last week. As it turned out, it hadn't been - I'd stopped the virus code running, more by luck than by judgement. But at least it made me do some research on finding/recognising and getting rid of badtrans. Thought it might be useful to post up the info I've been sent by a more computer-literate friend, especially as badtrans can run automatically even if you don't open the attachment (a nasty trick!). The good news is that it's relatively easy to deal with. Hope this helps.
Philip Kane

Badtrans.B is widespread at the moment. It is spread via an attachment that runs automatically on machines that don't have a critical update* from Microsoft installed (in this case you don't have to open the attachment for the virus code to run). On infected machines the virus can e-mail itself to addresses taken from post in your inbox. Below are disinfection instructions and below that links to some anti-virus site descriptions of this virus.

* see below for getting all these updates or for this specific vulnerability see: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

A) Disinfection instructions in brief (more detailed version below):
==================================================

1. Delete infected mail on your machine.
2. Start up or reboot computer into Safe Mode.
3. Find and delete files with the names kdll.dll, kern32.exe, kern.exe, inetd.exe.
4. Restart computer.
5. (Optional) Remove registry start-up entry.
6. Check your virus checker is up to date - run it and check all files.
7. Check Microsoft critical updates are installed.
8. Windows Millennium users should clean System Restore.

B) Disinfection instructions in more detail:
================================

1. This depends on the software you are using. Any e-mails with two extensions should be deleted (e.g. look similar to CARD.Doc.pif or NEWS_DOC.mp3.scr). Remember to empty your Deleted Items or Trash folder afterwards.

2. To restart in Safe Mode, close your machine down, then press and hold down the F8 key immediately as you start it up again. You should see a menu; select Safe Mode from the menu.

3. To use Find (Search in Windows ME), click on the Start button. Select Find (Search) and Files or Folders... . In the dialog type in the name of the file you are searching for, e.g. kdll.dll, and make sure the search is on the hard drive(s) of your machine (usually drive C:). Right click on any incidents of these files and select delete. Delete all files named kdll.dll, kernel32.exe, kern.exe, inetd.exe. Remember to empty your Recycle bin afterwards.

4. Restart computer in normal mode.

5. Optional. CAUTION: This step should only be carried out by people who know how to back up and restore the registry. It is not an essential step and incorrect changes made to the registry could cause serious problems - so if you don't know how to do this then don't try. Otherwise, using Run on the Start, run regedit. This is the Registry Editor. Find the key "HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunOnce". In the right pane delete the value kernel32 kernel32.exe. Close it down when finished.

6. The virus should now be removed. Update your virus checker with the most up to date anti-virus virus definitions and run your virus checker to check the virus has been fully removed from your machine. If any infected files show then remove them - if need be repeat steps above.

7. Install the various critical updates from Microsoft. The virus exploits vulnerabilities in Internet Explorer/Windows - the updates stop this. Go here: http://windowsupdate.microsoft.com/ and click on the PRODUCT UPDATES link. It will run a quick check on your system and tell you which updates you need to install. Follow the instructions. It may take a while to download updates - depends how many there are.

8. Windows Millennium has a back up and restore facility. It is necessary to ensure that this hasn't also been infected. In short: first disable System Restore, restart the computer in Safe Mode, run your virus checker and remove any viruses, restart the computer normally, then re-enable the Restore Utility. In detail, to disable System Restore: right click My Computer on desktop, click Properties, select Performance tab, click on File System... button, click on Troubleshooting, put a checkmark next to "Disable System Restore", close the dialogs. Now restart in Safe Mode and run virus checker. Restart the computer and re-enable restore by following the above procedure and removing the checkmark next to Disable System Restore.

C) Useful anti-virus links:
===================

McAfee Antivirus site: http://vil.nai.com/vil/virusSummary.asp?virus_k=99069

Norton AntiVirus: http:[EMAIL PROTECTED]

Trend Micro Anti-virus: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B

If you don't have anti-virus software you can use this on-line virus checker (takes ages to run but it does work): http://housecall.antivirus.com/
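
The two manual checks in steps B.1 and B.3 (attachments with two extensions, and the listed file names on disk) can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the extension list beyond .pif and .scr is an assumption, and the script only reports matches, it deletes nothing.

```python
import os
from email.message import EmailMessage

# File names listed in steps A.3 and B.3 of the post (both spellings kept).
DROPPED_NAMES = {"kdll.dll", "kern32.exe", "kernel32.exe", "kern.exe", "inetd.exe"}
# .pif and .scr come from the post's examples; the others are assumptions.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat"}


def is_double_extension(filename):
    """True for names like CARD.Doc.pif: an inner extension, then an executable one."""
    stem, last = os.path.splitext(filename.strip().lower())
    inner = os.path.splitext(stem)[1]
    return last in EXECUTABLE_EXTS and 2 <= len(inner) <= 5 and inner[1:].isalnum()


def suspicious_attachments(msg):
    """Return the attachment names in an e-mail message that use a double extension."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_double_extension(n)]


def find_dropped_files(root):
    """Walk root and report files whose name matches the post's list (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() in DROPPED_NAMES]
    return sorted(hits)


def sample_message():
    """Constructed sample: one ordinary attachment and one double-extension attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed sample body")
    for name in ("notes.txt", "NEWS_DOC.mp3.scr"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    print(suspicious_attachments(sample_message()))
    # SystemRoot is the Windows directory; falls back to the current directory.
    print(find_dropped_files(os.environ.get("SystemRoot", ".")))
```

The name match is exact, so the legitimate kernel32.dll is not reported; only kernel32.exe and the other listed names are.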

