Hi List:--Kathy Hudson, AFHA list owner, suggested I send this to all of you. It's what I sent to her at 1:45 this morning after I'd *finally* cleaned the virus from my system. It's a little jumbled (sorry about that - I was dog tired), but hopefully some little thing will be helpful to someone out there. Oh, by the way. Throughout the entire ordeal, my virus scan never once recognized the infection. It insisted "no virus found." As a way to check the various things I'd tried, I sent myself an email every now and then. When it instantly repeated itself in my outbox *with the attachment* I had *not* attached, I knew I still had it. Y'all may want to try this as a safety measure. And please, please delete every email you receive until you're absolutely sure you're not infected. If you want to save the message, print a hard copy. And be sure to empty these deleted emails from your trash bin (or wherever your system puts deletions). If you have trouble deleting the various files the virus has created in your directories, get professional help. I'm serious. And, if you have no earthly idea where to find these directories, get professional help. At the very least, contact your anti-virus program's support team for help. They'll guide you thru the necessary steps. That's what they're there for. Hope some of this is helpful. Happy virus killing <grin> Mysty shakerag@mtnhome.com ****************************************************** ----- Original Message ----- From: Mysty McPherson To: Kathy Hudson Sent: Wednesday, April 18, 2001 1:43 AM Subject: Latest virus Hey!!! I'm clean!!!! *Finally!!!* <BBBBBBG> I'm a bit chicken about deleting things I don't know much about in case they're "attached" to something I need to run this blamed machine. But I finally "bit the bullet" and here's what I've learned. Apparently McAfee has all the info - just doesn't yet have the DAT files to download so no way to "catch" it nor to remove it. So - I had to do it manually. The virus is a mass mailing worm. It's name is W32Badtrans@MM. It changes/adds to all sorts of things. McAfee has a good explanation - but assumes a bunch of things. Basically, the file INETD.EXE in the Windows Directory runs the whole shooting match. However, when you try to delete it while in Windows, it tells you the file can't be deleted 'cuz Windows needs it. So - I got brave and went into DOS and deleted it from C:\Windows. It worked!!!! The info about it can be found at http://vil.mcafee.com/dispVirus.asp?virus_k=99069& When they talk about a "registry entry," they're referring to the long thing following that reference: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe. I found out you find it by clicking on Start, click on Run, ask for regedit (registry edit). Takes a while to figure that one out, but once you've found it, all you have to do is delete "RunOnce." DO NOT touch anything else. Emails have been piling up madly. Would suggest you advise *everyone* to quit sending emails about "funny files" etc 'cuz all they're doing is spreading this monster around. (I never opened either attachment I told you about last night, but got it anyway. Like I tell folks repeatedly - "I *don't* do *attachments* - period!) Nearly every email I've received has repeated itself - with the dratted attachment - in my out box the very instant the received email opened. What I've done is delete each incoming email, each email in my outbox, and then deleted them all from my deleted box. And, oh, yes. I do not do "automatic send" - I send each email manually. Otherwise everything I'd received would have been on the airways in a heartbeat or less. From what I've been getting, it really seems to be coming from Rootsweb - or at least via a bunch of folks who use Rootsweb. I can hardly believe this, but when the stuff comes in from AFHA-D and ARMARION-D and isn't caught, it ma! kes me wonder a bit. Hope at least some of this is helpful. I've been at it off and on for over 24 hours - and it's about exhausted my last few viable brain cells <groan> I'm off to take about a jillion aspirin to get rid of this gawd-awful headache and get some much-needed sleep. If I can help, just holler. Mysty shakerag@mtnhome.com