I received this from another rootsweb maillist. Just before I received this notice, I received 3 emails with infected files. One from this list. I felt the need to pass it along! Nora Hi Everyone, This virus has a very high penetration rate and is successful in the payload.  The virus is undetectable in some instances because it is embedded in HTML. It appears there's a new strain of the Bad Trans virus running rampant through the maillist subscribers.   This one is the <W32.Badtrans.B@mm>.  For benefit of you newbies, the BadTrans is a nasty little worm that gets into your computer and mails out messages without your knowledge.  This new version of the worm also drops a backdoor trojan that logs keystrokes.  Those messages contain an attachment with the virus. A quick lesson here for those of you who don't know ... 1.  You should ALWAYS be extremely cautious when it comes to opening attachments.  If you receive one that you didn't expect, before opening it write back to the sender to see if s/he mailed something to you and find out what it is. 2.  You will NEVER receive a virus through a RootsWeb maillist, but if listmembers get infected, their computer may send you the virus, which *may* have a list subject line. 3.  This new strain of BadTrans is going to make life difficult for a LOT of people.  Note the differences: The first wave of BadTrans virus messages always had a standard "Take a look to the attachment." at the end of the message but above the attachment.  Also, those messages had double extensions (for example: filename.exe.pif OR filename.doc.scr OR filename.txt.exe OR any other combination of extensions), know immediately that your message is holding a virus.  Do not open the attachment, but delete it immediately. According to people who have already received infected messages this newer strain of BadTrans virus is even nastier than the first because it is undetectable in some instances because it is embedded in HTML, the attachment may not show or there is a false (second) extension.   It appears to have filename.doc or filename.txt BUT THE REAL EXTENSION (.scr or .exe) IS 59 SPACES TO THE RIGHT.  Also, the message size will be around 29 or 30k even if no words shows up.  Many of the messages are blank.  One other clue, the email addresses of the sending computers is altered by having an underline character preceeding the address <_ComputerUser@isp.com>. You are strongly encouraged to keep your virus protects updated on a daily basis ~ or at least every other day. You can read about this virus and how to remove it from your system on the Norton Symantec site ... http://www.symantec.com/avcenter/ http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html From: mmcmanness@mindspring.com