Dear Brooks.... I hope there is another Joanne on this list that you are corresponding with. I have not sent you a private e-mail since July 2. Also I never send an attachment without letting someone know I am sending one.
I hope you did not get whatever you got from me because that would mean I might be sending out a virus and I don't want to do that. I am a little confused unless there are two of us although I have not seen another post with Joanne on it...If it is me let me know....... Sincerely Joanne........ [email protected] ----- Original Message ----- From: "BROOKS BRADLEY" <[email protected]> To: <[email protected]> Sent: Monday, April 23, 2001 5:23 PM Subject: Re: CS>VIRUS > Dear Hanan, > I received a private email from Joanne > yesterday and attempted to open the attachement.....my internal protection > programs intercepted the attachment, but merely said there was a corrupted file > or program. Upon receipt of your email just a while ago, I searched my hard > drive and found the INETD.exe virus file----but none of the others. My problem > is that I am unable to delete the INETD.exe program ....no matter what trick I > try. I always get the "windows is using the program" prompt when I try to > Delete, move it to Recycle Bin, or the ADD/Remove programs utility. The virus > must have some built-in item to foil such attempts. Do you know of any method > whereby I can eliminate this program? I am not very virus literate---when it > comes to eliminating their embedded programs. If you know of some maneuver > for overcoming my problem I would be ever-so-grateful. I am at home and away > from any help from the office personnel tonight. I can get some assistance > tomorrow, but would certainly like to reconcile this now---if possible. > Sincerely, Brooks. > [email protected] wrote: > > > This was just posted on the beck rife list...same problem there. Directions > > how to fix. > > ~Hanan > > > > <FWD> > > > > I was targeted by a worm sent via an attachment from someone on a > > > > yahoo list I am on. The thing was very sneaky in that it quoted bits > > > > from one of my posts to the list, as thought this gal were replying > > > > to me privately. > > > > After that I couldn't access the list homepage, but luckily I had > > > > some digests to read -- and lo and behold, there were several posts > > > > about this very thing. And even more luckily, one of the members of > > > > the list is an expert in computer security, who posted a description > > > > and fix. I don't think I sent the worm to any of you because I > > > > didn't re-boot between the time I downloaded the file and the time I > > > > did the fix, but I post it in case any of you were hit elsewhere. > > > > <<Subject: The attachment is a worm. > > > > Win32.Badtrans.13312 > > > > Badtrans is a worm spreading via e-mail. The worm replies to all > > > > unread messages and attaches itself using one of the following 16 > > > > names: > > > > fun.pif > > > > Humor.TXT.pif > > > > docs.scr > > > > s3msong.MP3.pif > > > > Sorry_about_yesterday.DOC.pif > > > > Me_nude.AVI.pif > > > > Card.pif > > > > SETUP.pif > > > > searchURL.scr > > > > YOU_are_FAT!.TXT.pif > > > > hamster.ZIP.scr > > > > news_doc.scr > > > > New_Napster_Site.DOC.scr > > > > README.TXT.pif > > > > images.pif > > > > Pics.ZIP.scr > > > > When a user opens the attachment, the worm copies itself to the > > > > Windows directory as: > > > > inetd.exe > > > > and modifies the file win.ini by including the line executing that > > > > program. > > > > Additionally, the Badtrans worm, drops a backdoor trojan > > > > (Win32.Badtrans.21882 Trojan). The worm creates and executes a 21882- > > > > byte file in the Windows System directory: > > > > kern32.exe > > > > and modifies the registry in order to run it on the next reboot: > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32 > > > > .exe > > > > The Trojan, which is in fact a backdoor server also uses its own > > > > library: > > > > hksdll.dll (a 5632-byte file created in the same directory). > > > > To fix: > > > > First: > > > > search your hard drive for the files named INETD.EXE, KERN32.EXE and > > > > CP_23421.NLS. Delete them. > > > > Then: > > > > Run SYSEDIT by clicking START-RUN. On RUN Window type SYSEDIT then > > > > click OK. > > > > In SYSTEM CONFIGURATION EDITOR select the window C:\WINDOWS\WIN.INI > > > > then delete the entry "C:\WINDOWS\INETD.EXE" under RUN key. > > > > All done.>> > > > > -- > > The silver-list is a moderated forum for discussion of colloidal silver. > > > > To join or quit silver-list or silver-digest send an e-mail message to: > > [email protected] -or- [email protected] > > with the word subscribe or unsubscribe in the SUBJECT line. > > > > To post, address your message to: [email protected] > > Silver-list archive: http://escribe.com/health/thesilverlist/index.html > > List maintainer: Mike Devour <[email protected]> > >
