RootsWeb.com Mailing Lists
    1. [ARJACKSO] VIRUS SENT!
    2. Alma Luper
    3. Hi All: I received a virus yesterday. If you have received an email from me with an attachment I pray your virus detector caught it before any problems occurred. The email was a reference to an LDS transcription. I believe it steals subject lines from your inbox and then remails itself. The big thing is I DID NOT OPEN the attachment but the virus loaded itself anyway. Too quickly for me to stop it! My virus detector did not catch it until I rebooted. However, today I have received many emails with the virus. All caught by my virus detector. This thing is stealing subject lines from emails in your inbox. Please be careful and I want to offer my apologies to anyone who may have become infected as a result of my email.

Alma

The following are instructions for purging your machine of the virus:

> 32/[email protected] Removal Instructions
> Windows 95/98/2000/NT users

Change the Folder View Options
Double-click on the My Computer icon on the desktop.
Double-click on the C: drive.
Click on the View pull-down menu then click on Options (or Folder Options). The Folder Options dialog box will then appear.
Click on the View tab.
Select the 'Show all files' option.
Uncheck 'Hide file extensions for known file types'.
Click the Apply button followed by the OK button.
Close the remaining open windows until you are back on the desktop.

Backup the Registry
Click on the Start button.
Click on Run.
Type in REGEDIT then click the OK button. The Registry Editor will then appear.
Click on the Registry pull-down menu then click on Export Registry File. The Export Registry File dialog box will then appear.
The top of this dialog box contains an option entitled Save In. Make sure Desktop is selected for the Save In option. If it is not, click the pull-down arrow and select Desktop from the menu.
In the File Name field type "Backup" (without the quotation marks).
In the Export Range group box make sure All is selected.
Click on the Save button.
You have now created a backup of your registry.
Close the Registry Editor by clicking the X in the top right corner.

NOTE: If you need to restore the registry you can double-click on the backup file you created and it will be restored. The backup file will be located on your desktop. Once you have finished these instructions and are certain everything is working properly it is important to delete the "backup" file you created. Do this by right-clicking on the Backup file on the desktop then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once this process is complete.

Edit the Registry
Click on the Start button.
Click on Run.
Type in REGEDIT then click the OK button. The Registry Editor will then appear.
On the left side of the screen double-click on HKEY_LOCAL_MACHINE.
Double-click on Software.
Double-click on Microsoft.
Double-click on Windows.
Double-click on CurrentVersion.
Single-click on the RunOnce folder so it is highlighted. You will notice the right-side of the screen has a Name column and a Data column.
On the right side of the screen, single-click on the word "Kernel32" under the Name column so it is highlighted.
Press the Delete key on the keyboard to remove the highlighted Windows entry.
Close the Registry Editor by clicking the X in the top right corner.

Editing the WIN.INI (Windows NT users are not affected)
Click on the Start button.
Click on Run.
Type in WIN.INI and then click the OK button. The C:\WINDOWS\WIN.INI window will appear.
Scroll all the way over to the right in this window and next to RUN= there will be this reference: c:\windows\inetd.exe. Remove this reference. If you do not see the reference it may be off the screen. Remember to scroll all the way over to the right.
Click on the X in the top right corner to close the WIN.INI window. You will be asked if you wish to save changes. Answer Yes.

Delete the Virus Files
Click on the Start button.
Highlight Find then click on Files or Folders. The Find Files dialog box will then appear.
Make sure the C: drive is selected for the Look In option.
In the Named field type in INETD.EXE then click the Find Now button. The computer will then search for this file.
When the file is found the file's name will be displayed towards the bottom of the dialog box.
Once the file is found right-click on the small icon that appears to the left of the file's name. A pop-up menu will appear.
Left-click on Delete to remove this file.
Repeat steps 4 - 7 for the following file names:
KERN32.EXE
HKSDLL.DLL
HKK32.EXE
CP_23421.NLS
Once all three files have been deleted close the Find Files dialog box by clicking the X in the top right corner.
Empty your recycle bin by right-clicking on the Recycle Bin icon on the desktop and left-clicking on Empty Recycle Bin.
Restart your computer.

The Trojan has now been removed.

    11/27/2001 02:24:33
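
The three places the instructions above touch (the RUN= line in WIN.INI, the Kernel32 value under RunOnce, and the listed file names) can be checked from copies of those files. The following Python script is an added example, not part of the original post or the quoted instructions; the function names and all sample inputs are constructed for illustration, and it assumes a text copy of WIN.INI and a REGEDIT4 export such as the Backup file described above.

```python
import ntpath
import re

# Indicators named in the removal instructions above.
RUNONCE_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runonce"
RUNONCE_VALUE = "kernel32"
FILE_NAMES = {"inetd.exe", "kern32.exe", "hksdll.dll", "hkk32.exe", "cp_23421.nls"}

def check_win_ini(text):
    """Return programs on any RUN= line whose file name is INETD.EXE."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "run":
            # The entry may sit after a long run of spaces, so split on whitespace.
            hits += [p for p in re.split(r"[\s,]+", value.strip())
                     if ntpath.basename(p).lower() == "inetd.exe"]
    return hits

def check_reg_export(text):
    """Return (name, data) for a Kernel32 value under RunOnce in a REGEDIT4 export."""
    hits, in_key = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == RUNONCE_KEY
        elif in_key:
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m and m.group(1).lower() == RUNONCE_VALUE:
                hits.append((m.group(1), m.group(2)))
    return hits

def match_files(paths):
    """Return the paths whose file name is one of the five names listed above."""
    return [p for p in paths if ntpath.basename(p).lower() in FILE_NAMES]

# Constructed sample inputs (not taken from a real machine).
SAMPLE_WIN_INI = "[windows]\nload=\nrun=" + " " * 200 + "c:\\windows\\inetd.exe\n"
SAMPLE_REG = ('REGEDIT4\n\n'
              '[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]\n'
              '"Kernel32"="kern32.exe"\n\n'
              '[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n'
              '"SystemTray"="SysTray.Exe"\n')
SAMPLE_FILES = ["C:\\WINDOWS\\INETD.EXE", "C:\\WINDOWS\\SYSTEM\\KERNEL32.DLL",
                "C:\\WINDOWS\\SYSTEM\\HKSDLL.DLL", "C:\\WINDOWS\\NOTEPAD.EXE"]

if __name__ == "__main__":
    print("WIN.INI run= hits:", check_win_ini(SAMPLE_WIN_INI))
    print("RunOnce hits:", check_reg_export(SAMPLE_REG))
    print("File hits:", match_files(SAMPLE_FILES))
```

File names are compared exactly, so the legitimate KERNEL32.DLL in the sample listing is not reported.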