Skip to comments.
VIRUS ALERT! W32/Badtrans.B
Private Email ^
| Now
| Private Email
Posted on 11/29/2001 11:40:41 AM PST by -No Way-
VIRUS ALERT! W32/Badtrans.B -----Original Message-----
- The W32/Badtrans.B virus continues to spread - Oxygen3 24h-365d, by Panda Software (
http://www.pandasoftware.com
Madrid, November 29 2001 -- The number of infections being caused by W32/Badtrans is reaching epidemic proportions in some countries. The areas hardest hit by the virus so far are the United States, France, Portugal, Germany, the United Kingdom, and Scandinavia.
Panda Software offers Gdogs the PQREMOVE(*) utility, free of charge. This tool automatically eliminates W32/Badtrans.B from infected systems. This application can be downloaded from:http://updates.pandasoftware.com/pqremove/pqremove.com
. To prevent infection from W32/Badtrans.B, Panda Software advises all Gdogs to update their antiviruses, immediately, from the Customer Area on the website at
http://www.pandasoftware.com. As Oxygen3 24h-365d recently reported, W32/Badtrans.B is a dangerous worm that spreads rapidly via e-mail. The file it is contained in has a variable name, which it makes up from three separate word lists. It also installs a
Trojan designed to steal confidential data (passwords etc.) from the infected machine. Oxygen3 24h-365d reminds you that W32/Badtrans.b exploits a known vulnerability in versions 5.01 and 5.5 of Microsoft Internet Explorer. This vulnerability allows an attached file to be run through the message preview pane in Outlook e-mail clients. Gdogs with these versions are advised to download the corresponding patch from:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
. <----------IF YOU ARE NOT INFECTED GET THIS NOW! More information about W32/Badtrans.B is available in Panda Software's Virus Encyclopedia at:
http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Badtrans.B
(*) If you are using Netscape Navigator, follow these steps to download the PQREMOVE utility: First, right-click the corresponding link, then select the 'Save Link as...' option. Finally, indicate the directory to which you want to save the file.
NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
------------------------------------------------------------
TOPICS: Announcements; News/Current Events
KEYWORDS:
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-43 next last
To: upchuck
Run Outlook 2000. It uses the security settings from Explorer to keep unsigned active-x scripts from running. Problem solved.
To: upchuck
Just a note regarding Norton A/V 2000. I had a customer who used and updated NAV religiously on a peer-to-peer network. I installed a network server with Trend Micro's OfficeScan & ScanMail for Exchange Server and it picked up some 100 various trojans from a handfull of PCs that NAV did not detect. This was the first time I had seen first hand that NAV was not all I thought it was. Trend Micro's products are excellent.
To: ASA Vet
My Norton has nailed this virus on several received e-mails in the last three days. It's not a problem, other than a few minutes to tell my Norton what to do with it. Congrats - That means your Norton AV software is relatively up to date - many treat AV like backups - they don't do anything about it before its too late.
To: Tunehead54
Thank you.
24
posted on
11/29/2001 2:33:32 PM PST
by
mercy
To: Pearls Before Swine
Thanks. I never open anything unless it's from a close personal friend (about 3 people). I delete them all and empty my trash all the time.
25
posted on
11/29/2001 2:35:31 PM PST
by
mercy
To: Texas_Jarhead
Maybe you can help me with a question.
I have received about 12 of these e-mails, all from different sources. I know better than to open them but my question is this:
out of the 12 that I have received, I only recognized 1 sender. I don't have a clue who the other 11 are. If I have never received an e-mail from any of these 11 (except for the virus), why would I be in their address book? Could this virus be picking up addresses from somewhere else or is it maybe just dispicable people picking up addresses off of the net and mailing the virus to anyone?
To: Tunehead54
My Norton is setup to notify me of updates. I download them as soon as possible.
I once had to scrub the whole system in my pre Norton days due to viruses.
I've had no problem since.
I also always have the Zone Alarm Pro, and AdSubtract program running.
27
posted on
11/29/2001 7:34:20 PM PST
by
ASA Vet
To: Tunehead54
$3.95/year for LiveUpdate subscription from Symantec is correct. They try to keep it reasonable, unlike McAffee.
To: Texas Tea
I have received about 12 of these e-mails, all from different sources. I know better than to open them but my question is this: out of the 12 that I have received, I only recognized 1 sender. I don't have a clue who the other 11 are. If I have never received an e-mail from any of these 11 (except for the virus), why would I be in their address book? Could this virus be picking up addresses from somewhere else or is it maybe just dispicable people picking up addresses off of the net and mailing the virus to anyone? If you are on a mail list for some group or other, and anyone has received a message posted by you to the mail list but not read it, it will be sent out. It sends the worm (it's a worm and trojan horse, not a virus) to all the unread messages in Outlook.
To: Excuse_Me
Belated thanks for your answer. $3.95 is very reasonable for annual updates from Norton. They're aslo the PC Mag recommendation for best Anti-Virus program with the least overhead/drag on the PC.
McAfee does offer free updates for their AV 5.0 but they do a very good job of hiding its availabilty and try to suck you into online updates of numerous programs - way more than Symantec/Norton's $3.95/year.
One last thing - unless you're experienced - enabling McAfee email scan is difficult - for Outlook, Netscape and Act! I used to hate Symantec and Norton but their AV is OK.
To: -No Way-
Bump. I got hit with it(Friend's email)
Cleaned it out. What a pain.
To: -No Way-
One thing that I want to add to this discussion is that when you run disk defragmenter or scandisk. During those operations it lets you know when the contents of your dsk drive change
Under normal circumstances it would change every ten minutes. After I had the first virus,(W32VBSKakworm), The disk contents changed every 30 seconds. This second worm,(W32Badtrans.B@mm). Even though I cleaned my computer of it, the disk contents keep changing every two minutes. The more often the disk contents change, the more difficult it is to run disk defragmenter and Scandisk.
I cuaght this worm on Thursday and immediately deleted it.
32
posted on
12/03/2001 2:47:29 AM PST
by
E.G.C.
To: Arthalion
I had this virus today and got rid of it over at
HOUSECALL. Free online scan and virus detection. They detected and cleared the virus. Be sure to check this once or twice a day. Apparently this is the most widespread virus yet.
33
posted on
12/03/2001 9:44:50 AM PST
by
PJ-Comix
To: E.G.C.
BTTT. Caught a couple of nights ago. Someone was nice enough to send it to my home computer on purpose
To: billbears
I'll bet it might have been some FR detractor. There's a number of e-mail addresses listed in the list where all the keyboards logs from the infected computers go to.
35
posted on
12/03/2001 10:32:02 AM PST
by
E.G.C.
To: TomGuy
Your Mail Washer link doesn't work.
To: TomGuy
I tried to download ScanMail. It says I need Adobe reader to open the instructions. I tried at least half a dozen times to download that, with no luck.
To: my_pointy_head_is_sharp
This virus must be VERY widespread. I picked it up 3 times already today from e-mails. You don't have to open your e-mail to get it either. When you click on the message to delete it, the virus is downloaded into your 'puter at that point. Fortunately I was able to get rid of it at
HOUSECALL but everybody in my address book was forwarded the virus. Free scan and virus elimination there.
Could this latest virus attack have something to do with Al-Qaeda trying to disrupt the Net?????
38
posted on
12/03/2001 12:45:32 PM PST
by
PJ-Comix
To: -No Way-
I have been getting a couple a day. They all are 40k with no message in the body. This is all in my yahoo inbox. I have been deleting them as they come in. The first couple I opened (that is how I found out there was no message) and cut and pasted the emails to let the people know they might have a virus. All of these have re: in the subject line with no subject. The email addys have a _ in front so you can't just hit reply and send.
Anyway since these are coming through my yahoo mail can they do any damage??
In outlook I have gotten a couple that I ignored because I didn't know how to delete them. Something happened to the Norton that was installed and I can't find it now. It went missing about the same time the driver to my cd rom left. Don't know where they went or if they are connected.
I ran the panda scan last night and it found a kak and got rid of it.
I agree with the poster who said it can be spread through mailing lists. I am on several rootsweb lists and the virus isn't coming through the list itself but through members that are on the same lists as I am. That seems to be where mine are coming from. I haven't seen any coming from members of any yahoo groups lists I am on. All the rootsweb lists I am on have had alot of problems.
ps...does anyone know how I can find my cd-rom driver??
39
posted on
12/03/2001 1:44:41 PM PST
by
imjustme
To: my_pointy_head_is_sharp
40
posted on
12/03/2001 1:49:04 PM PST
by
TomGuy
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-43 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson