RootsWeb.com Mailing Lists
    1. [MARTIN-L] Virus information from another list - this should be helpful
    2. Hello to all my listers, hope this email finds you happy and preparing for the Holidays. This email is to inform you (if you don't already know) that viruses are running rampant again. People continue to download attachments even though they aren't expecting anything....and they get a virus. That virus picks up every old email in your file cabinet and sends it to every email address that it finds. Below is information about getting rid of these viruses, and on the viruses themselves. I am begging you all, please be suspicious any time you receive an email with an attachment. Pretend you got home from work and found a pretty wrapped box on your porch unexpectedly...that was ticking.

       Kathy -aka Firstmom
       http://khuish.tripod.com/

       >>From: ingen@migrations.org (Patrick Hays)
       To: ingen@ingenweb.net

       Well, it's that time again...

       >From http://www.symantec.com/avcenter/venc/data/pf/w32.badtrans.b@mm.html

       Symantec Security Response
       http://securityresponse.symantec.com

       W32.Badtrans.B@mm

       Discovered on: November 24, 2001
       Last Updated on: November 24, 2001 at 12:19:48 PM PST

       W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.

       Type: Worm
       Virus Definitions: November 24, 2001

       Threat Assessment:
       Wild: Medium
       Damage: Low
       Distribution: High

       Wild:
       Number of infections: 50 - 999
       Number of sites: 3 - 9
       Geographical distribution: Medium
       Threat containment: Easy
       Removal: Easy

       Damage:
       Payload:
       Large scale e-mailing: Sends email from addresses found in the default MAPI program.
       Compromises security settings: Installs keystroke logging Trojan.

       Technical description:

       This worm arrives as an email with one of several attachment names and a combination of two appended extensions. The list of possible file names is:

       HUMOR
       DOCS
       S3MSONG
       ME_NUDE
       CARD
       SEARCHURL
       YOU_ARE_FAT!
       NEWS_DOC
       IMAGES
       PICS

       The first extension that is appended to the file name is one of the following:

       .DOC
       .MP3
       .ZIP

       The second extension that is appended to the file name is one of the following:

       .pif
       .scr

       The resulting file name would look something like this:

       CARD.DOC.PIF
       NEWS_DOC.MP3.SCR
       etc.

       When executed, this worm copies itself as kernel32.exe in the "\windows\system" directory. It then adds the following registry value:

       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32= kernel32.exe.

       Prevention methods:

       1. Corporate email filtering systems should block all email that have attachments with the extensions .scr and .pif.
       2. Users should not open any emails with an attachment that matches the names listed above. Any email that has such an attachment should be deleted.

       Removal instructions:

       1. Run LiveUpdate to make sure that you have the most recent virus definitions.
       2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
       3. Run a full system scan.
       4. Delete all files that are detected as W32.Badtrans.B@mm.
       5. Remove the registry value listed above.

       Write-up by: Patrick Martin

       I have gotten a literal ton of e-mails with this virus. No matter how many times you say it people just don't listen. DO NOT OPEN ATTACHMENTS!!!! DUH!!!!!

       Patrick>

       >I have to agree with Patrick here! I am getting at least 12 virus emails a day for the past week or so, with subject lines dating back 2 years! Yes, mail I sent a group of people 2 years ago...I am now getting replies to with the .mp3.scr file attached. Please....if you are not expecting something...do not download it! Look at the file names, if it has 2 file extensions (filename.mp3.scr)....do not download it! If it says "I send this to you for your advice"...do not download it! Viruses are running rampant right now, so please be careful if you see an email with anything attached.

       Kathy
       Firstmom's Genealogy Resources
       http://khuish.tripod.com/

       < ==== INNEWTON Mailing List ====

    11/27/2001 08:57:50
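
The filtering rule from the "Prevention methods" list above (block `.scr` and `.pif` attachments, and recognise the double-extension names the write-up describes), sketched as a mail-gateway check. This is an added example, not part of the forwarded messages or the Symantec write-up; the function names, sample addresses and `minutes.doc` are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_FINAL = {".pif", ".scr"}          # extensions the advisory says to block
DECOY_FIRST = {".doc", ".mp3", ".zip"}    # first extensions the advisory lists

def classify(filename):
    """Return the reasons an attachment name should be blocked (empty = allow)."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    final = "." + parts[-1]
    if final in BLOCKED_FINAL:
        reasons.append("blocked extension " + final)
        if len(parts) >= 3 and "." + parts[-2] in DECOY_FIRST:
            reasons.append("double extension ." + parts[-2] + final)
    return reasons

def scan_message(raw):
    """Parse one raw message and return {attachment name: reasons} for hits."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.walk():
        name = part.get_filename()        # None for parts without a file name
        if name:
            reasons = classify(name)
            if reasons:
                hits[name] = reasons
    return hits

def build_sample(attachment_name):
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"    # constructed addresses
    msg["To"] = "list@example.com"
    msg["Subject"] = "Re: old thread"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("CARD.DOC.PIF", "NEWS_DOC.MP3.SCR", "minutes.doc"):
        print(name, "->", scan_message(build_sample(name)) or "allow")
```

The check keys on the final extension, because that is what Windows uses to decide how to open the file; the first extension is reported only to show which decoy was used.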