VIRUS ALERT! W32/Badtrans.B

Private Email ^ | Now | Private Email

[-No Way-]

VIRUS ALERT! W32/Badtrans.B

-----Original Message-----

- The W32/Badtrans.B virus continues to spread - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com

Madrid, November 29 2001 -- The number of infections being caused by W32/Badtrans is reaching epidemic proportions in some countries. The areas hardest hit by the virus so far are the United States, France, Portugal, Germany, the United Kingdom, and Scandinavia.

Panda Software offers Gdogs the PQREMOVE(*) utility, free of charge. This tool automatically eliminates W32/Badtrans.B from infected systems. This application can be downloaded from:

http://updates.pandasoftware.com/pqremove/pqremove.com.

To prevent infection from W32/Badtrans.B, Panda Software advises all Gdogs to update their antiviruses, immediately, from the Customer Area on the website at http://www.pandasoftware.com.

As Oxygen3 24h-365d recently reported, W32/Badtrans.B is a dangerous worm that spreads rapidly via e-mail. The file it is contained in has a variable name, which it makes up from three separate word lists. It also installs a

Trojan designed to steal confidential data (passwords etc.) from the infected machine. Oxygen3 24h-365d reminds you that W32/Badtrans.b exploits a known vulnerability in versions 5.01 and 5.5 of Microsoft Internet Explorer. This vulnerability allows an attached file to be run through the message preview pane in Outlook e-mail clients. Gdogs with these versions are advised to download the corresponding patch from:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.    <----------IF YOU ARE NOT INFECTED GET THIS NOW!

More information about W32/Badtrans.B is available in Panda Software's Virus Encyclopedia at:

http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Badtrans.B

(*) If you are using Netscape Navigator, follow these steps to download the PQREMOVE utility: First, right-click the corresponding link, then select the 'Save Link as...' option. Finally, indicate the directory to which you want to save the file.

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------

[-No Way-]

Check yer' machines! Especially if you use MS Outlook!!

[asneditor]

This is a real booger of a virus folks!!!! We have been battling it with our users for two days now. Heads Up!
Bit of advice, use Eudora email program. This will prevent you from opening attachments automatically.

[mercy]

Somebody help this ole techno-illiterati out. I'm using Windows 3.1 (I think, circa 1996), and Netscape 4.7. I have a Dell XPS P200 machine and a crappy dial up connecton. Can I even get this virus?

[Arthalion]

Agreed. If anyone's running Outlook at this point, you NEED to have a real-time virus scanner installed...AND MAKE SURE YOUR VIRUS DATA FILES ARE UPDATED!

[Constitution Day]

It hit our office yesterday.

The IT manager has been having one hell of a time!

[Rodney King]

So what you are saying is that just by receiving the email you can get this even if you don't open the attachment?

[Publius]

It hit me last night. I downloaded the latest stuff from McAfee, ran a scan and found the infection. McAfee told me to delete KERNEL32.EXE which I did. Now where can I get an uninfected copy of that file, and what folder does it belong in?

[TomGuy]

Another good way to prevent most infections:

Use a pre-screening program, such as MailWasher or ScanMail to see mail headers on the server. Then delete those that look suspicious; after scanning, you can preview them through the pre-scan or open your regular email program.

MailWasher
ScanMail

[TomGuy]

You should be able to get it from your Windows Installation disk.
What version of Windows are you running?

[mercy]

Can you answer my question in #3? Would really appreciate it.

[fteuph]

KERNEL32.EXE is not a Windows file. There is no need to replace it.

The worm also drops a file called KDLL.DLL which should be deleted. Check any of the anti-virus software vendor sites for further information.

[Tunehead54]

YES.

Even using Netscape mail if you open the attachment it will infect your system. Since you're not an Outlook user the virus can't send itself to people in your address book BUT the virus installs a backdoor which sends your IP address to the author and may allow the author to "control" your PC right down to formatting your hard drive.

Also note: A keystroke registry which will watch for passwords, credit cards numbers, etc. entered at the keyboard is installed and can send this info out over your web connection.

If you don't have virus protection regularly updated you're playing ruskie roulette.

You can get McAfee for 29.95 (Virus Scan) and updates are free via the web.

Symantec - Norton AntiVirus allows a year of "free" updates but then you have to pay for updates - which last time I looked were "3.950" per year. Frankly, I suspect its 39.50 a year as $3.95 annually seems hardly worth the processing costs - anyone want to help out?

Go here for the McAfee Info on this virus

[fteuph]

I believe it only infects through a security hole in MS Outlook and Outlook Express.

[Pearls Before Swine]

Re infection of W3.1 and Netscape 4.77. I doubt that you're vulnerable, at least not through automatic execution of the virus file. That seems to require Outlook or Interet Explorer 5.01 or 5.5. I'm not sure what happens if you get a mail with an attached executable, and then proceed to execute it to see what it does. Don't! I'm also assuming you are using Netscape as your mail program.

[ASA Vet]

My Norton has nailed this virus on several received e-mails in the last three days.
It's not a problem, other than a few minutes to tell my Norton what to do with it.

[Semper911]

Why does ANYone still use Outlook? It is beyond me. Microsoft knows about the open port problem, but they continue to ship version after version with the same goddamned problem. They could care less. Read their license agreement sometime.

Run Netscape 4.7x for browsing and mail (avoid v.6.x). To reduce your exposure to .exe attachments, buy a Mac. If you must run Windoze, Eudora is a fine e-mail app.

Anyone who uses Outlook for mail is just asking to be delivered to hell, and I find it hard to have sympathy for them. It's not like this is new and unheard of.

[Phantom Lord]

Warning! Warning! Warning! Dangerous bug around! Bad Times Virus!

If you receive an e-mail entitled "Bad Times," delete it immediately! Do not open it! Apparently this one is pretty nasty. It will not only erase everything on your hard drive, it will also delete anything on disks within 20 feet of your computer.

It demagnetizes the strips on all of your credit cards. It reprograms your ATM access code, screws up the tracking on your VCR, and uses subspace field harmonics to scratch any CDs you attempt to play. It will program your phone auto dial to call only 900 numbers. The virus will mix antifreeze into your fish tank. It will cause your toilet to flush while you are showering. It will drink all of your beer.

For God's sake, are you listening to me?

It will leave dirty underwear on the coffee table when you are expecting company. It will replace your shampoo with Nair and your Nair with Rogaine, all the while dating your current boy- or girlfriend behind your back and billing the hotel rendezvous to your Visa card, which has been wiped clean.

It will cause you to run with scissors and throw things in a way that is only fun till someone loses an eye. It will rewrite your backup files, change all of your active verbs to passive tense, and incorporate undetectable misspellings which will grossly change the interpretations of key sentences.

If the badness message is opened in a Windows 95 or 98 environment, it will leave the toilet seat up and leave your hair dryer plugged in dangerously close to a full bathtub. It will not only remove the forbidden tags from your mattress and pillows, it will also refill your skim milk with whole milk.

Warn as many people as you can! If you don't send this to 5,000 people within 20 seconds, you'll expel gas so hard your right leg will spasm and shoot straight out in front of you, sending sparks that will ignite the person next to you!

Be careful with this one.

[TomGuy]

Yes, you can still get a computer virus. Good news is that most new virii are designed to hit later versions of Windows. Some of the older virii that would affect Win 3.1 are still out there.

You should install some type of virus program designed for Win 3.1. Check this link for information about F-Prot for Dos/Win31.

[Chapita]

Ditto!

[upchuck]

Ahhh, the joys of running Netscape V4.74, Norton's Antivirus (updated at least once a week) and Zone Alarm Firewall. Receive an average of 3-4 viruses per week. Never been harmed by any of them.

You folks running Outlook or Outlook express are just inviting big trouble. I can understand your not liking Netscape, but Eudora has a swell email client and it is as free as Outlook and not nearly as prone to viruses. HEADS UP!