Dear Hanan,
I received a private email from Joanne
yesterday and attempted to open the attachement.....my internal protection
programs intercepted the attachment, but merely said there was a corrupted file
or program. Upon receipt of your email just a while ago, I searched my hard
drive and found the INETD.exe virus file----but none of the others. My problem
is that I am unable to delete the INETD.exe program ....no matter what trick I
try. I always get the "windows is using the program" prompt when I try to
Delete, move it to Recycle Bin, or the ADD/Remove programs utility. The virus
must have some built-in item to foil such attempts. Do you know of any method
whereby I can eliminate this program? I am not very virus literate---when it
comes to eliminating their embedded programs. If you know of some maneuver
for overcoming my problem I would be ever-so-grateful. I am at home and away
from any help from the office personnel tonight. I can get some assistance
tomorrow, but would certainly like to reconcile this now---if possible.
Sincerely, Brooks.
[email protected] wrote:
> This was just posted on the beck rife list...same problem there. Directions
> how to fix.
> ~Hanan
>
> <FWD>
>
> I was targeted by a worm sent via an attachment from someone on a
>
> yahoo list I am on. The thing was very sneaky in that it quoted bits
>
> from one of my posts to the list, as thought this gal were replying
>
> to me privately.
>
> After that I couldn't access the list homepage, but luckily I had
>
> some digests to read -- and lo and behold, there were several posts
>
> about this very thing. And even more luckily, one of the members of
>
> the list is an expert in computer security, who posted a description
>
> and fix. I don't think I sent the worm to any of you because I
>
> didn't re-boot between the time I downloaded the file and the time I
>
> did the fix, but I post it in case any of you were hit elsewhere.
>
> <<Subject: The attachment is a worm.
>
> Win32.Badtrans.13312
>
> Badtrans is a worm spreading via e-mail. The worm replies to all
>
> unread messages and attaches itself using one of the following 16
>
> names:
>
> fun.pif
>
> Humor.TXT.pif
>
> docs.scr
>
> s3msong.MP3.pif
>
> Sorry_about_yesterday.DOC.pif
>
> Me_nude.AVI.pif
>
> Card.pif
>
> SETUP.pif
>
> searchURL.scr
>
> YOU_are_FAT!.TXT.pif
>
> hamster.ZIP.scr
>
> news_doc.scr
>
> New_Napster_Site.DOC.scr
>
> README.TXT.pif
>
> images.pif
>
> Pics.ZIP.scr
>
> When a user opens the attachment, the worm copies itself to the
>
> Windows directory as:
>
> inetd.exe
>
> and modifies the file win.ini by including the line executing that
>
> program.
>
> Additionally, the Badtrans worm, drops a backdoor trojan
>
> (Win32.Badtrans.21882 Trojan). The worm creates and executes a 21882-
>
> byte file in the Windows System directory:
>
> kern32.exe
>
> and modifies the registry in order to run it on the next reboot:
>
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32
>
> .exe
>
> The Trojan, which is in fact a backdoor server also uses its own
>
> library:
>
> hksdll.dll (a 5632-byte file created in the same directory).
>
> To fix:
>
> First:
>
> search your hard drive for the files named INETD.EXE, KERN32.EXE and
>
> CP_23421.NLS. Delete them.
>
> Then:
>
> Run SYSEDIT by clicking START-RUN. On RUN Window type SYSEDIT then
>
> click OK.
>
> In SYSTEM CONFIGURATION EDITOR select the window C:\WINDOWS\WIN.INI
>
> then delete the entry "C:\WINDOWS\INETD.EXE" under RUN key.
>
> All done.>>
>
> --
> The silver-list is a moderated forum for discussion of colloidal silver.
>
> To join or quit silver-list or silver-digest send an e-mail message to:
> [email protected] -or- [email protected]
> with the word subscribe or unsubscribe in the SUBJECT line.
>
> To post, address your message to: [email protected]
> Silver-list archive: http://escribe.com/health/thesilverlist/index.html
> List maintainer: Mike Devour <[email protected]>
