VIRUS ALERT! W32/Badtrans.B

Private Email ^ | Now | Private Email

[-No Way-]

VIRUS ALERT! W32/Badtrans.B

-----Original Message-----

- The W32/Badtrans.B virus continues to spread - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com

Madrid, November 29 2001 -- The number of infections being caused by W32/Badtrans is reaching epidemic proportions in some countries. The areas hardest hit by the virus so far are the United States, France, Portugal, Germany, the United Kingdom, and Scandinavia.

Panda Software offers Gdogs the PQREMOVE(*) utility, free of charge. This tool automatically eliminates W32/Badtrans.B from infected systems. This application can be downloaded from:

http://updates.pandasoftware.com/pqremove/pqremove.com.

To prevent infection from W32/Badtrans.B, Panda Software advises all Gdogs to update their antiviruses, immediately, from the Customer Area on the website at http://www.pandasoftware.com.

As Oxygen3 24h-365d recently reported, W32/Badtrans.B is a dangerous worm that spreads rapidly via e-mail. The file it is contained in has a variable name, which it makes up from three separate word lists. It also installs a

Trojan designed to steal confidential data (passwords etc.) from the infected machine. Oxygen3 24h-365d reminds you that W32/Badtrans.b exploits a known vulnerability in versions 5.01 and 5.5 of Microsoft Internet Explorer. This vulnerability allows an attached file to be run through the message preview pane in Outlook e-mail clients. Gdogs with these versions are advised to download the corresponding patch from:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.    <----------IF YOU ARE NOT INFECTED GET THIS NOW!

More information about W32/Badtrans.B is available in Panda Software's Virus Encyclopedia at:

http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Badtrans.B

(*) If you are using Netscape Navigator, follow these steps to download the PQREMOVE utility: First, right-click the corresponding link, then select the 'Save Link as...' option. Finally, indicate the directory to which you want to save the file.

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------

[OnAMission]

Yep...it's a bugger for sure! Norton caught it on my system only after I did the live update. It had already infected 3 files. It didn't get to the server, luckily.

Norton AV couldn't fix the files as of yesterday, and could only quarantine. I'll try the "panda" site to see if they can be fixed. If not, my computer guy says a re-format may be needed! Ugh!

[PJ-Comix]

I just got that virus for the FOURTH time today. Fortunately I cleaned it out over at HouseCall. I am wondering if this virus is part of some sort of terrorist Internet Attack. I heard that a lot of BellSouth users couldn't get online today.

[OnAMission]

Annoying! I finally got it cleaned out by doing it manually (directions on PANDA). There is a file that didn't show up on Norton AV that also had to be deleted.

Every one should be sure to change their passwords after getting rid of the nasty thing.

I will never understand the reasoning that some very smart people use, to develop these things.

BTW...I enjoy your stuff.