Free Republic
VIRUS ALERT! W32/Badtrans.B
Private Email ^ | Now | Private Email

Posted on 11/29/2001 11:40:41 AM PST by -No Way-

-----Original Message-----

- The W32/Badtrans.B virus continues to spread - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 29 2001 -- The number of infections being caused by W32/Badtrans is reaching epidemic proportions in some countries. The areas hardest hit by the virus so far are the United States, France, Portugal, Germany, the United Kingdom, and Scandinavia.

Panda Software offers Gdogs the PQREMOVE(*) utility, free of charge. This tool automatically eliminates W32/Badtrans.B from infected systems. This application can be downloaded from:

http://updates.pandasoftware.com/pqremove/pqremove.com.

To prevent infection from W32/Badtrans.B, Panda Software advises all Gdogs to update their antiviruses, immediately, from the Customer Area on the website at http://www.pandasoftware.com.

As Oxygen3 24h-365d recently reported, W32/Badtrans.B is a dangerous worm that spreads rapidly via e-mail. The file it is contained in has a variable name, which it makes up from three separate word lists. It also installs a Trojan designed to steal confidential data (passwords etc.) from the infected machine. Oxygen3 24h-365d reminds you that W32/Badtrans.b exploits a known vulnerability in versions 5.01 and 5.5 of Microsoft Internet Explorer. This vulnerability allows an attached file to be run through the message preview pane in Outlook e-mail clients. Gdogs with these versions are advised to download the corresponding patch from:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.    <----------IF YOU ARE NOT INFECTED GET THIS NOW!

More information about W32/Badtrans.B is available in Panda Software's Virus Encyclopedia at:

http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Badtrans.B

(*) If you are using Netscape Navigator, follow these steps to download the PQREMOVE utility: First, right-click the corresponding link, then select the 'Save Link as...' option. Finally, indicate the directory to which you want to save the file.

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------


TOPICS: Announcements; News/Current Events
To: upchuck
Run Outlook 2000. It uses the security settings from Explorer to keep unsigned active-x scripts from running. Problem solved.
21 posted on 11/29/2001 1:38:51 PM PST by Not_Who_U_Think
[ Post Reply | Private Reply | To 20 | View Replies]

To: upchuck
Just a note regarding Norton A/V 2000. I had a customer who used and updated NAV religiously on a peer-to-peer network. I installed a network server with Trend Micro's OfficeScan & ScanMail for Exchange Server and it picked up some 100 various trojans from a handful of PCs that NAV did not detect. This was the first time I had seen first hand that NAV was not all I thought it was. Trend Micro's products are excellent.
22 posted on 11/29/2001 1:39:58 PM PST by Texas_Jarhead
[ Post Reply | Private Reply | To 20 | View Replies]

To: ASA Vet
My Norton has nailed this virus on several received e-mails in the last three days. It's not a problem, other than a few minutes to tell my Norton what to do with it.

Congrats - That means your Norton AV software is relatively up to date - many treat AV like backups - they don't do anything about it before it's too late.

23 posted on 11/29/2001 2:32:14 PM PST by Tunehead54
[ Post Reply | Private Reply | To 15 | View Replies]

To: Tunehead54
Thank you.
24 posted on 11/29/2001 2:33:32 PM PST by mercy
[ Post Reply | Private Reply | To 12 | View Replies]

To: Pearls Before Swine
Thanks. I never open anything unless it's from a close personal friend (about 3 people). I delete them all and empty my trash all the time.
25 posted on 11/29/2001 2:35:31 PM PST by mercy
[ Post Reply | Private Reply | To 14 | View Replies]

To: Texas_Jarhead
Maybe you can help me with a question.

I have received about 12 of these e-mails, all from different sources. I know better than to open them but my question is this:
out of the 12 that I have received, I only recognized 1 sender. I don't have a clue who the other 11 are. If I have never received an e-mail from any of these 11 (except for the virus), why would I be in their address book? Could this virus be picking up addresses from somewhere else or is it maybe just despicable people picking up addresses off of the net and mailing the virus to anyone?

26 posted on 11/29/2001 3:07:39 PM PST by Texas Tea
[ Post Reply | Private Reply | To 22 | View Replies]

To: Tunehead54
My Norton is setup to notify me of updates. I download them as soon as possible.
I once had to scrub the whole system in my pre Norton days due to viruses.
I've had no problem since.

I also always have the Zone Alarm Pro, and AdSubtract program running.

27 posted on 11/29/2001 7:34:20 PM PST by ASA Vet
[ Post Reply | Private Reply | To 23 | View Replies]

To: Tunehead54
$3.95/year for LiveUpdate subscription from Symantec is correct. They try to keep it reasonable, unlike McAfee.
28 posted on 12/01/2001 12:00:19 PM PST by Excuse_Me
[ Post Reply | Private Reply | To 12 | View Replies]

To: Texas Tea
I have received about 12 of these e-mails, all from different sources. I know better than to open them but my question is this: out of the 12 that I have received, I only recognized 1 sender. I don't have a clue who the other 11 are. If I have never received an e-mail from any of these 11 (except for the virus), why would I be in their address book? Could this virus be picking up addresses from somewhere else or is it maybe just despicable people picking up addresses off of the net and mailing the virus to anyone?

If you are on a mail list for some group or other, and anyone has received a message posted by you to the mail list but not read it, it will be sent out. It sends the worm (it's a worm and trojan horse, not a virus) to all the unread messages in Outlook.

29 posted on 12/01/2001 12:04:59 PM PST by Excuse_Me
[ Post Reply | Private Reply | To 26 | View Replies]

To: Excuse_Me
Belated thanks for your answer. $3.95 is very reasonable for annual updates from Norton. They're also the PC Mag recommendation for best Anti-Virus program with the least overhead/drag on the PC.

McAfee does offer free updates for their AV 5.0 but they do a very good job of hiding its availability and try to suck you into online updates of numerous programs - way more than Symantec/Norton's $3.95/year.

One last thing - unless you're experienced - enabling McAfee email scan is difficult - for Outlook, Netscape and Act! I used to hate Symantec and Norton but their AV is OK.

30 posted on 12/02/2001 10:17:21 AM PST by Tunehead54
[ Post Reply | Private Reply | To 28 | View Replies]

To: -No Way-
Bump. I got hit with it (Friend's email).

Cleaned it out. What a pain.

31 posted on 12/02/2001 3:54:42 PM PST by Dan from Michigan
[ Post Reply | Private Reply | To 1 | View Replies]

To: -No Way-
One thing that I want to add to this discussion concerns running disk defragmenter or scandisk. During those operations it lets you know when the contents of your disk drive change.

Under normal circumstances it would change every ten minutes. After I had the first virus (W32VBSKakworm), the disk contents changed every 30 seconds. With this second worm (W32Badtrans.B@mm), even though I cleaned my computer of it, the disk contents keep changing every two minutes. The more often the disk contents change, the more difficult it is to run disk defragmenter and Scandisk.

I caught this worm on Thursday and immediately deleted it.

32 posted on 12/03/2001 2:47:29 AM PST by E.G.C.
[ Post Reply | Private Reply | To 1 | View Replies]

To: Arthalion
I had this virus today and got rid of it over at HOUSECALL. Free online scan and virus detection. They detected and cleared the virus. Be sure to check this once or twice a day. Apparently this is the most widespread virus yet.
33 posted on 12/03/2001 9:44:50 AM PST by PJ-Comix
[ Post Reply | Private Reply | To 4 | View Replies]

To: E.G.C.
BTTT. Caught a couple of nights ago. Someone was nice enough to send it to my home computer on purpose.
34 posted on 12/03/2001 9:48:34 AM PST by billbears
[ Post Reply | Private Reply | To 32 | View Replies]

To: billbears
I'll bet it might have been some FR detractor. There's a number of e-mail addresses listed in the list where all the keyboard logs from the infected computers go to.
35 posted on 12/03/2001 10:32:02 AM PST by E.G.C.
[ Post Reply | Private Reply | To 34 | View Replies]

To: TomGuy
Your Mail Washer link doesn't work.
36 posted on 12/03/2001 10:36:34 AM PST by my_pointy_head_is_sharp
[ Post Reply | Private Reply | To 8 | View Replies]

To: TomGuy
I tried to download ScanMail. It says I need Adobe reader to open the instructions. I tried at least half a dozen times to download that, with no luck.
37 posted on 12/03/2001 10:53:02 AM PST by my_pointy_head_is_sharp
[ Post Reply | Private Reply | To 8 | View Replies]

To: my_pointy_head_is_sharp
This virus must be VERY widespread. I picked it up 3 times already today from e-mails. You don't have to open your e-mail to get it either. When you click on the message to delete it, the virus is downloaded into your 'puter at that point. Fortunately I was able to get rid of it at HOUSECALL but everybody in my address book was forwarded the virus. Free scan and virus elimination there.

Could this latest virus attack have something to do with Al-Qaeda trying to disrupt the Net?????

38 posted on 12/03/2001 12:45:32 PM PST by PJ-Comix
[ Post Reply | Private Reply | To 37 | View Replies]

To: -No Way-
I have been getting a couple a day. They all are 40k with no message in the body. This is all in my yahoo inbox. I have been deleting them as they come in. The first couple I opened (that is how I found out there was no message) and cut and pasted the emails to let the people know they might have a virus. All of these have re: in the subject line with no subject. The email addys have a _ in front so you can't just hit reply and send.
Anyway since these are coming through my yahoo mail can they do any damage??
In outlook I have gotten a couple that I ignored because I didn't know how to delete them. Something happened to the Norton that was installed and I can't find it now. It went missing about the same time the driver to my cd rom left. Don't know where they went or if they are connected.
I ran the panda scan last night and it found a kak and got rid of it.
I agree with the poster who said it can be spread through mailing lists. I am on several rootsweb lists and the virus isn't coming through the list itself but through members that are on the same lists as I am. That seems to be where mine are coming from. I haven't seen any coming from members of any yahoo groups lists I am on. All the rootsweb lists I am on have had a lot of problems.
ps...does anyone know how I can find my cd-rom driver??
39 posted on 12/03/2001 1:44:41 PM PST by imjustme
[ Post Reply | Private Reply | To 1 | View Replies]
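
The traits reported in the post above (a bare "re:" subject, an empty body, a size of about 40k, a sender address beginning with "_") can be combined into a simple mail-triage check. This is an added example, not part of the thread; the size window, the threshold of three traits, the function names and the example.org addresses are assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

SIZE_WINDOW = (30_000, 50_000)  # assumed tolerance around the "40k" reported in the thread

def reported_traits(raw):
    """List which of the traits described in the post a raw message shows."""
    msg = message_from_string(raw)
    traits = []
    if (msg.get("Subject") or "").strip().lower() in ("re:", "re"):
        traits.append("bare-re-subject")
    if parseaddr(msg.get("From", ""))[1].startswith("_"):
        traits.append("underscore-sender")
    body, has_attachment = "", False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode("latin-1")
    if not body.strip():
        traits.append("empty-body")
    if has_attachment and SIZE_WINDOW[0] <= len(raw) <= SIZE_WINDOW[1]:
        traits.append("about-40k-with-attachment")
    return traits

def triage(raw, threshold=3):
    """Hold a message for review when it shows at least `threshold` traits."""
    traits = reported_traits(raw)
    return ("hold" if len(traits) >= threshold else "deliver"), traits

def build_sample(sender, subject, body, attachment_size):
    """Constructed test input; the attachment is inert zero bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "reader@example.org", subject
    m.set_content(body)
    m.add_attachment(bytes(attachment_size), maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_string()

SUSPECT = build_sample("_someone@example.org", "Re:", "", 29_000)
ORDINARY = build_sample("friend@example.org", "Re: reunion photos", "See attached.", 2_000)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("ordinary", ORDINARY)):
        print(name, triage(raw))
```

No single trait decides the outcome, so an ordinary reply that happens to have an empty body and a bare "Re:" subject is still delivered.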

To: my_pointy_head_is_sharp
I apologize, it's a .net instead of a .com.
MailWasher.Net
40 posted on 12/03/2001 1:49:04 PM PST by TomGuy
[ Post Reply | Private Reply | To 36 | View Replies]

