Dear Family, Friends and Fellow Researcher, First let me appoligise to those of you who will be getting this more then once. Unfortunatly, I have gotten this virus going around, and I know some of you don't know how to get rid of it, as I didn't. I have written to the virus doctor at Trend Micro and this is the responce I recieved to get rid of it. I felt this would be the easies way to let you know how to rid yourself of this virus if you don't know how. This is the answer I recieved. I hope it helps someone, and if I have been responsiable for any of you recieving this I am sorry. Unfortunatly I tried to open the file I recieved from George on the Campbell list and that is how I got it. Pam Hart -----Original Message----- From: Virus Doctor at US <Virus_Doctor@trendmicro.com> To: 'Pam Hart' <pshart1@voyager.net> Date: Tuesday, April 17, 2001 10:20 PM Subject: RE: [0418.94.mary] TROJ_BADTRANS.A help! >Dear Customer, > >Greetings of peace. > >Please delete the following: > >inetd.exe found in the win.ini file or in the registry. > >hksdll.dll in the windows\system directory. > >KERN32.EXE is also detected as TROJ_BADTRANS.A. > >If you can't delete the detected file/s please follow the steps below: > >1. Take note of the location of the detected file >2. Reboot your system to DOS prompt. If you can't find this option you may >restart your system then before the Windows logo appear, immediately press >F8. >3. You will be seeing the Windows Startup Menu. >4. Choose the Command prompt only option. This will take you to a command >prompt. >5. from c:\ prompt delete the file > >syntax: in c:\ prompt type DEL <file location><filename> hit ENTER key >example DEL c:\windows\system\GDI32.exe > >6. Reboot the machine normally. > >This memory resident Internet worm propagates via email clients that use >Windows sockets, such as Microsoft Outlook and Outlook Express. It replies >to all unread email messages with itself attached to the email. The email >sent by the worm has the same subject header and message body as the >original email. The name of the sender will be the name of the user who is >currently logged on to the infected computer. This worm also modifies >WIN.INI so that it is executed at the next re-boot. > >Below is the hyperlink which describes TROJ_BADTRANS.A and how to remove it. > ><http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BADTRA N >S.A> > >Scan your system again and delete all file/s detected as TROJ_BADTRANS.A. > >A Trojan horse is a program that performs some unexpected or unauthorized, >usually malicious, actions, such as displaying messages, erasing files or >formatting a disk. A Trojan horse doesn't infect other host files, thus >cleaning is not necessary. To get rid of a Trojan, simply delete the >program. > >Please update your pattern file and scan engine regularly to keep you safe >from virus attack. >Download the latest pattern at this site: ><http://www.antivirus.com/download/pattern.asp> >Download the latest scan engine at this site: ><http://www.antivirus.com/download/engines> > >If you have any other inquiries, please feel free to contact us. Thank you >and have a nice day! > >-----Original Message----- >From: Pam Hart [mailto:pshart1@voyager.net] >Sent: Tuesday, April 17, 2001 12:09 AM >To: Virus Doctor at US >Subject: TROJ_BADTRANS.A help! > > >Dear Doc, > >I recieved this virus, Sat. and found out from your site that it is in 3 >files. >C:\windows\system\kern32 >C:\system\hksdll.dll >C:\INETD.EXE