RootsWeb.com Mailing Lists
[FOLKLORE FAMILY] Bad-Trans.B Virus going around

This is a copy of the email I just sent to the Candyman Lists. So far I've received three infected emails within 4 hours. Please be careful.

Linda Bee

Those of you on the Genie-Angels list know that several of us received the Bad-Trans.B virus today. Please check your email subject line before you open it and if it has an attachment check below to see if it might be part of the Bad-Trans.B virus.

You can tell if it is a Bad-Trans.B virus because there is an underline before the return address in your inbox. As an example, instead of being from "[email protected]" the email would be from "[email protected]" with the underline first. Delete it immediately, then empty your trash folder. Update your virus definitions and run a scan to be sure you are clean.

This virus was discovered yesterday in Europe. I tried to update my Norton and it is insisting that I'm up to date. I'm running a virus scan anyway. When that is done I'll check Trend Micro's 'House Call'. If that includes Bad-Trans.B, I'll run that. If not, I'll go to F-Secure and run their program. Almost all of the anti-virus programs will let you try their product for a free trial.

Note: House Call is a free anti-virus program. It has also caught viruses on my computer that Norton missed.

Trend Micro PC-cillin, antivirus software: http://www.antivirus.com/pc-cillin/
Under "Purchase Software" there is a line called 'try before you buy'.

Welcome to F-Secure, Securing the Mobile Enterprise: http://www.fsecure.com/

I'm paraphrasing the information I've included below from F-Secure... The Bad-Trans.B virus will take the addresses from all your unread email and send it out with the worm attached. It doesn't start working until your computer is shut down and then restarted. It then takes 5 minutes before it starts to send email.

If the Bad.Trans.B worm is sent to a computer that has an unread email with "Reply" it will send that out. If the reply is to you, your computer will be reinfected if you open that attachment.

I received two infected emails today, both from the same person. They had different subject lines but both had attachments. The attachment names are in three parts which are listed below. The first one I received was PICS.DOC.scf. I don't know what the second one had... I never opened it, just deleted it and emptied my trash folder.

Linda Bee

Note: I just received another one from someone else on the lists. With all three infected emails that I received I believe that almost all the lists have someone on them who is infected. I'm sure the people involved realized it now. Just in case, I sent an email to the one who was just infected; the other happened this afternoon so I'm sure they know.

Name of the attachment: FUN HUMOR DOC SS3M SONG Sorry_about_yesterday ME_NUDE CARD SETUP SEARCHURL YOU_ARE_FAT! HAMSTER NEWS_DOC New_Napster_Site README IMAGES PICS
First extension: DOC MP3ZIP
Second extension: pif scr

F-Secure Computer Virus Information Pages: BadTrans
http://www.datafellows.com/v-descs/badtrans.shtml

VARIANT: Badtrans.B
ALIAS: BadtransII, I-Worm.BadtransII

Badtrans.B e-mail worm has been found from several locations in Europe on 24th of November 2001. This worm sends e-mail messages without message text. The attachments are variably named and with double extensions:

Name of the attachment: FUN HUMOR DOC SS3M SONG Sorry_about_yesterday ME_NUDE CARD SETUP SEARCHURL YOU_ARE_FAT! HAMSTER NEWS_DOC New_Napster_Site README IMAGES PICS
First extension: DOC MP3ZIP
Second extension: pif scr

The attachment might execute automatically when the emails are viewed. To do this Badtrans.B uses a known vulnerability in IE that allows execution of an email attachment. This vulnerability is fixed and a patch for it is available on Microsoft site:
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp

The worm also drops a password stealing trojan KDLL.DLL detected by F-Secure Anti-Virus as Trojan.PSW.Hooker. F-Secure Anti-Virus detects both variants of Badtrans worm and trojan components with the updates published on November 24, 2001 / 23:29 GMT.

[F-Secure Corporation and Kaspersky Lab, November 24, 2001]

    11/25/2001 02:14:11
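The three signs described in the post above (an underscore before the sender address, an attachment with a double extension ending in pif or scr, and no message text) can be checked mechanically. The following is an added example, not part of the original email or of F-Secure's description; the sample message, addresses and function names are constructed for illustration, and the check accepts any first extension rather than only the ones listed.

```python
import email
from email import policy
from email.utils import parseaddr

# Second extensions named in the post; the first extension is only a decoy.
EXECUTABLE_EXTS = {"pif", "scr"}

# Constructed sample message (not a real capture); addresses are placeholders.
SAMPLE = """\
From: _alice@example.com
To: list@example.org
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"


--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.DOC.scr"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

def double_extension(filename):
    """Return (decoy, real) for NAME.decoy.real with an executable real extension."""
    parts = filename.strip().lower().split(".")
    if len(parts) >= 3 and parts[-2] and parts[-1] in EXECUTABLE_EXTS:
        return parts[-2], parts[-1]
    return None

def badtrans_indicators(raw_message):
    """List which of the three signs from the post a raw message shows."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits, body_text = [], ""
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.startswith("_"):
        hits.append("underscore-prefixed sender")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and double_extension(name):
            hits.append("double-extension attachment: " + name)
        elif not name and part.get_content_type() == "text/plain":
            body_text += part.get_content()
    if not body_text.strip():
        hits.append("no message text")
    return hits
```

The function only reads headers and filenames; it never decodes or opens the attachment payload.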