To: Fellow List Members! From: BILYEU/WORKMAN/OREGON TRAIL Mail Lists MOM IMPORTANT! I MUST pass along this message with a full description on the new virus W32.BadTrans.B@MM which showed up for me when I received 8 emails in the past 2 DAYS from this example email address: "John Doe" <_johndoe@wherever.com> The underscore tipped me off! Some of the people I received the virus from are SUBSRIBERS on our BILYEU/WORKMAN/OREGON TRAIL Mail Lists! I received a good explaination below from a ListOwner on the [NJ-SOM-RARITAN] Mail List so wanted to pass it along to my lists. PLEASE READ! This is NO joke... it's a BAD one, and it's running rapid TODAY! Rose Terry @>,--'--- BILYEU/WORKMAN/OREGON TRAIL Mail Lists MOM \\\|/// \\ ~ ~ // Give your children these two things - One is roots, ( @ @ ) the other, wings. -oOOo-(_)-oOOo- Rose CAUDLE TERRY, Washington state @>,--'--- BILYEU, WORKMAN & OREGON TRAIL Listmom (genealogical) Proud RootsWeb Sponsor RMTerry@prodigy.net http://www.genealogy.bilyeu.com/ --------------------------------------------------------------------- Hi everyone, You know the saying, "Forewarned is forearmed?" Well, here's your opportunity to "get smart" with regard to this insidious and dangerous virus that's going through all of us right now. I've been doing some heavy research for the past two days in addition to communicating with a lot of you. Hopefully, this message will clear up a lot of the confusion that's been going around. It's also probably going to be a "longie," so you might want to grab your coffee cups, tea glasses, or soda cans and sit back to have a rather extensive read. I won't do another update unless this virus mutates again and does something drastically weird. I'm sure everyone knows by know that the current virus we're all dealing with is a SECOND strain to the original Bad Trans worm we had to weather through. If you'll remember, the first Bad Trans warned us by way of double extensions on an attachment plus the giveaway instruction, "Take a look to the attachment." Not completely so with this second strain! This insidious little mutant has so many people confused that they're unwittingly opening messages and getting infected. Rather than go into it all again, please read my warning message of the night before. From there I'll update here... This section is a composite of information found at <http://www.symantec.com>, <http://www.mcafee.com>, and <http://www.viruslist.com>. After this section I'll pass along some comments from the field (us)... The W32.BadTrans.B@MM is a worm that spreads under Win32 systems. The virus sends email messages with infected files attached, as well as installs a spying Trojan component to steal information from infected systems. The worm itself is a Win32 executable file (PE EXE file). Unopened, it's about 29-30Kb in size, but decompressed the worm file length becomes about 60Kb in size. The worm consists of two main components, the Worm itself and a Trojan. The "Worm" component sends infected messages, and the "Trojan" component sends out information (user's info, remote access service data, cached passwords, keyboard log) from infected computers to a specified e-mail address. It also keeps a keystroke-log program body in its code, and installs it into the system while infecting a new machine. INFECTING THE SYSTEM When a user clicks on an attached file and activates the code, the worm gains access to the computer. First of all, it installs its components to the system and registers in the system registry. Once running, the Trojan attempts to mail the victim's IP address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as user names, and passwords. In addition, the Trojan also contains a keystroke-log program which is capable of capturing other vital information such as credit card and bank account numbers and passwords. The worm also drops an additional keyboard hooker (Win32 DLL file) to the system, and then uses this to spy on text entered by a keyboard. If programmed by the hacker to do so, the worm may delete the original, infected file once installation is complete. SPREADING McAfee reports, "If the attachment is opened, the worm displays a message box entitled, "Install error" which reads, "File data corrupt: probably due to a bad data transmission or bad disk access." But this isn't happening to me, or a lot of other people (at least not that I've seen, anyway). What IS happening follows: When a user becomes infected, the next time s/he reboots the computer, the virus goes through the user's email program and looks for unread messages in all the mailboxes. To send infected messages, the worm uses a direct connection to an SMTP server. A victim's email address is obtained in two different ways: 1. through your address book 2. by the worm reading all your e-mail in your inbox, and obtains e-mail addresses from here. Next, the worm generates replies and sends infected messages. The message body contains HTML format, and uses a system breach to spawn an infected attachment on vulnerable machines. The worm uses the infected computer owner's email address as the sender, BUT it adds "_" (underscore) before the real address. The subject line may OR MAY NOT have a subject line of nothing but "RE:" (nothing else). For most of us, the body of the email is completely blank. There are no attachments, so there is nothing to click. That's because the virus is embedded in the body, with code that hides it. The recipient receives what appears to be a totally blank message. It's actually 29-30K long. Are you a list manager who's receiving reports that <_aperson@thisisp.com> has been sending out infected messages to your membership? Let's see if I can explain this one for you ... A SCENARIO TO EXPLAIN MOST OF IT You're a listowner of the ABC-l list. In your membership is Ima Doe. She uses Microsoft Outlook and has a HUGE address book filled with peers doing genealogy from all the lists she belongs to. In real life, Ima has a daughter, Sheeza. :) Sheeza isn't part of any list, nor does she do genealogy. However, Sheeza's computer is infected. Her infected machine emails Mom (Ima), and Mom seeing a message from her beloved daughter Sheeza, immediately opens the message! That's all she wrote! Ima's computer is now infected. You, the listowner of the abc-l list, and anyone else in Ima's address book, is now vulnerable to receiving the infection. List members start reporting that Sheeza Doe <_sheeza@isp.com> is sending out virus messages! Being a terrific list manager (and you are, aren't you?) you head for your utilities page to unsub this poor woman till she gets her machine cleaned up, but alas!... there is NO sheeza in the membership, nor is there anyone from isp! The message everyone received said it's from Sheeza Doe <_sheeza@isp.com> simply because Sheeza was in Ima's computer! Get that??? <g> (I've been working at this for a while folks, and am feeling a little uhm... "creative" here! If the Ima's and Sheeza's get you all fouled up, change the Ima to Jane and the Sheeza to son, John.) Symantec reports: If SMTP (user) information can be found on the current computer, then it will be used for the From: field. Otherwise, the From: field will be one of: "Mary L. Adams" <mary@c-com.net> "Monika Prado" <monika@telia.com> <--- I've had this one several times "Support" <support@cyberramp.net> "Admin" <admin@gte.net> "Administrator" <administrator@border.net> "JESSICA BENAVIDES" <jessica@aol.com> "Joanna" <joanna@mail.utexas.edu> "Mon S" <spiderroll@hotmail.com> "Linda" <lgonzal@hotmail.com> "Andy" <andy@hweb-media.com> "Kelly Andersen" <Gravity49@aol.com> "Tina" <tina0828@yahoo.com> "Rita Tulliani" <powerpuff@videotron.ca> "JUDY" <JUJUB271@AOL.COM> "Anna" <aizzo@home.com> However, we're all receiving messages from a host of other names, including those we don't know (like <_sheeza@isp.com>?). >From a message in the field: "I just discovered a problem when searching for FROM: addresses that start with <"_">. There is a problem with people who have their email program set to show both their name and email address in the FROM: header. If such a person is infected, mail from him/her will show, in the header, something like the following: "John Doe" <_johndoe@wherever.com> "The FROM: element in the header you see before you open the email will show only "John Doe". That's a problem. Either set up a filter to divert infected emails to a separate mailbox, or make sure your system is COMPLETELY protected before you open or preview any more emails.)" To notify the person who has the infected machine, simply remove the leading '_' from their email address. WHAT CAN YOU DO? 1.) Insure that your antivirus software has been updated since November 25, 2001. Anything before that will not give you the protection you need from this strain of BadTrans. Because of the mutations this strain appears to be doing, most people are updating DAILY now. 2.) Keep your antivirus program running at all times. You just never know when you'll be the next "recipient." 3.) Stay calm. Realize and remember that N0 virus is currently capable of passing through a RootsWeb list. Rootsweb's filters are set to very high. However, BadTrans.B makes it *APPEAR* that this is happening, and uses list messages as a source for new targets. Unsubscribing from the list will do you no good if your email address is already in someone else's computer and that machine becomes infected. MICROSOFT OUTLOOK USERS BE SURE TO READ THIS! Particularly vulnerable to the BadTrans.B virus are those users of Outlook (not Outlook Express). It's imperative that Outlook users NOT open suspicious emails, or even preview them. Outlook users will infect their computers simply by opening or previewing infected email. Since these infected messages have no attachments to click on in order to activate the virus, just opening the message activates the virus through HTML coding embedded in the post. Again, the message size is 29-30K, but what you see is a blank message. At the point of seeing the blank message, the computer has been infected. Outlook users are advised to view the headers. If a header reports a sender's address as similar to <_somebody@someisp.com>, DO NOT OPEN IT! As stated above, opening or even previewing an infected message through Outlook will activate the virus and cause your system to become infected. Available since May 16, 2001 is a patch for Outlook versions 5.01 and 5.5 that should be downloaded and installed immediately. MSIE 6.0 appears not to be affected because the patches for previous versions have been incorporated into it. You can check to see which patches your system needs by going to <http://windowsupdate.microsoft.com/>. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ WINDOWS ME USERS READ THIS! Windows ME utilizes a backup utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. I have the instructions on how to remove the infected files from the C:\_Restore folder if you need/want them. IDEAS AND COMMENTS FROM THE FIELD (US): 1. Are you concerned about even receiving infected messages? Here's an idea that _might_ work: Set up a special folder specifically for "Infected Mail." Then, use your email program's filter to watch and transfer all messages with the "_" in the header to that "Infected Mail" folder. Make sure this is the first of your filters. 2. Are you emailing people telling them their computer is infected and that person writes back that it's not? This is because of the virus sending out the infected messages without the PC owner's knowledge. The person's machine is "definitely infected, whatever they may say to the contrary. Keep in mind that the virus is only contained in the messages that their computer is sending without their knowledge - not the ones they are sending you legitimately. That is why you are receiving some virus infected messages and some virus free. Unless their virus definitions are up-to-date they could run a virus scan & find nothing. Norton only updated their definitions to include the latest Badtrans virus this weekend." It's important that you impress on these owners that their computer IS indeed, infected and they need to take care of it. 3. "In your address book ADD NEW Contact..... !0000 exactly like this. It puts this address first in your book and STOPS the virus from sending to your list..." This is a hoax, I'm afraid. It doesn't work. You'll find information about the "!0000" hoax at <http://antivirus.about.com/library/weekly/aa082801b.htm>. 4. Have you heard of MailWasher <http://www.mailwasher.net>? Though I haven't tried it, here's a user's comment regarding that FREE program: "I can view, identify and delete the viruses while they are still on the ISP server. They never get to my computer." Hmmm... perhaps it's worth checking out? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You've done it! You've made it to the end! Once again let's keep this off the list. If you have any questions you're welcome to email me <ladyaudris@earthlink.net>. I wish you a TERRIFIC Tuesday! :) Stay vigilant; stay alert ... keep your computer safe! -------------------------------------------------------------------- For even more info see; You can read about this virus and how to remove it from your system on the Norton Symantec site ... http://www.symantec.com/avcenter/ http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html Also for more info; http://www.antivirus.com/vinfo/ ----------------------------------------------------------------------

List I am the List DAD here <G> Rule 1 = no vitus posts to this list When I see my members pop up on my system I will deal with this off list There is a virus help web page on my website for anyone who wants free virus control There is a help list on the bottom of that website for any one who wants to join my Computer help list that I use to help my members of all my lists Oregon-L = Orklamat = Shortridge = Applgate = Crockett = Matney = Mattingly = Mc Culley = Rogers = Rodgers = Roger = Cherokee-L = CherokeeGene-L = Webb-L = US Gen Web Co ord Kla Co. and a few other lists 22 on Yahoo and 99 message borards Thanks Dan = list admin Genealogy Community http://www.wvi.com/~wb/ By working together, with everyone contributing on topic we will all learn together Teach in Peace , Learn with respect.

I have read a lot of information on virus descriptions. Below is a completely confusing bunch of I don't know what. If you can't tell a person simply how to recognize the virus. Don't send a description at all. Three lines of the message below is all that is needed. Update your virus software Watchourt for any attachments that you weren't expecting! And Outlook User read special instructions. ----- Original Message ----- From: "Rose Terry" <RMTerry@prodigy.net> To: <OREGON-L@rootsweb.com> Sent: Wednesday, November 28, 2001 12:32 AM Subject: [OREGON] VIRUS Alert from ListMom - PLEASE READ!!! > To: Fellow List Members! > From: BILYEU/WORKMAN/OREGON TRAIL Mail Lists MOM > > IMPORTANT! > > I MUST pass along this message with a full description on the new virus > W32.BadTrans.B@MM which showed up for me when I received 8 emails in the > past 2 DAYS from this example email address: > "John Doe" <_johndoe@wherever.com> > > The underscore tipped me off! Some of the people I received the virus > from are SUBSRIBERS on our BILYEU/WORKMAN/OREGON TRAIL Mail Lists! > > I received a good explaination below from a ListOwner on the > [NJ-SOM-RARITAN] Mail List so wanted to pass it along to my lists. > > PLEASE READ! > This is NO joke... it's a BAD one, and it's running rapid TODAY! > > Rose Terry @>,--'--- > BILYEU/WORKMAN/OREGON TRAIL Mail Lists MOM > \\\|/// > \\ ~ ~ // Give your children these two things - One is roots, > ( @ @ ) the other, wings. > -oOOo-(_)-oOOo- Rose CAUDLE TERRY, Washington state @>,--'--- > BILYEU, WORKMAN & OREGON TRAIL Listmom (genealogical) > Proud RootsWeb Sponsor > RMTerry@prodigy.net http://www.genealogy.bilyeu.com/ > > > --------------------------------------------------------------------- > Hi everyone, > > You know the saying, "Forewarned is forearmed?" Well, here's your > opportunity to "get smart" with regard to this insidious and dangerous > virus that's going through all of us right now. I've been doing some > heavy research for the past two days in addition to communicating with a > lot of you. Hopefully, this message will clear up a lot of the > confusion that's been going around. It's also probably going to be a > "longie," so you might want to grab your coffee cups, tea glasses, or > soda cans and sit back to have a rather extensive read. I won't do > another update unless this virus mutates again and does something > drastically weird. > > I'm sure everyone knows by know that the current virus we're all dealing > with is a SECOND strain to the original Bad Trans worm we had to weather > through. If you'll remember, the first Bad Trans warned us by way of > double extensions on an attachment plus the giveaway instruction, "Take > a look to the attachment." Not completely so with this second strain! > > This insidious little mutant has so many people confused that they're > unwittingly opening messages and getting infected. Rather than go into > it all again, please read my warning message of the night before. From > there I'll update here... > > This section is a composite of information found at > <http://www.symantec.com>, <http://www.mcafee.com>, and > <http://www.viruslist.com>. After this section I'll pass along some > comments from the field (us)... > > The W32.BadTrans.B@MM is a worm that spreads under Win32 systems. The > virus sends email messages with infected files attached, as well as > installs a spying Trojan component to steal information from infected > systems. The worm itself is a Win32 executable file (PE EXE file). > Unopened, it's about 29-30Kb in size, but decompressed the worm file > length becomes about 60Kb in size. > > The worm consists of two main components, the Worm itself and a Trojan. > The "Worm" component sends infected messages, and the "Trojan" component > sends out information (user's info, remote access service data, cached > passwords, keyboard log) from infected computers to a specified e-mail > address. It also keeps a keystroke-log program body in its code, and > installs it into the system while infecting a new machine. > > INFECTING THE SYSTEM > > When a user clicks on an attached file and activates the code, the worm > gains access to the computer. First of all, it installs its components > to the system and registers in the system registry. > > Once running, the Trojan attempts to mail the victim's IP address to the > author. Once this information is obtained, the author can connect to the > infected system via the Internet and steal personal information such as > user names, and passwords. In addition, the Trojan also contains a > keystroke-log program which is capable of capturing other vital > information such as credit card and bank account numbers and passwords. > > The worm also drops an additional keyboard hooker (Win32 DLL file) to > the system, and then uses this to spy on text entered by a keyboard. > > If programmed by the hacker to do so, the worm may delete the original, > infected file once installation is complete. > > SPREADING > > McAfee reports, "If the attachment is opened, the worm displays a > message box entitled, "Install error" which reads, "File data corrupt: > probably due to a bad data transmission or bad disk access." But this > isn't happening to me, or a lot of other people (at least not that I've > seen, anyway). What IS happening follows: > > When a user becomes infected, the next time s/he reboots the computer, > the virus goes through the user's email program and looks for unread > messages in all the mailboxes. To send infected messages, the worm uses > a direct connection to an SMTP server. A victim's email address is > obtained in two different ways: > > 1. through your address book > 2. by the worm reading all your e-mail in your inbox, and obtains > e-mail addresses from here. > > Next, the worm generates replies and sends infected messages. The > message body contains HTML format, and uses a system breach to spawn an > infected attachment on vulnerable machines. > > The worm uses the infected computer owner's email address as the sender, > BUT it adds "_" (underscore) before the real address. The subject line > may OR MAY NOT have a subject line of nothing but "RE:" (nothing else). > For most of us, the body of the email is completely blank. There are no > attachments, so there is nothing to click. That's because the virus is > embedded in the body, with code that hides it. The recipient receives > what appears to be a totally blank message. It's actually 29-30K long. > > Are you a list manager who's receiving reports that > <_aperson@thisisp.com> has been sending out infected messages to your > membership? Let's see if I can explain this one for you ... > > A SCENARIO TO EXPLAIN MOST OF IT > > You're a listowner of the ABC-l list. In your membership is Ima Doe. > She uses Microsoft Outlook and has a HUGE address book filled with peers > doing genealogy from all the lists she belongs to. In real life, Ima > has a daughter, Sheeza. :) Sheeza isn't part of any list, nor does she > do genealogy. However, Sheeza's computer is infected. Her infected > machine emails Mom (Ima), and Mom seeing a message from her beloved > daughter Sheeza, immediately opens the message! That's all she wrote! > Ima's computer is now infected. You, the listowner of the abc-l list, > and anyone else in Ima's address book, is now vulnerable to receiving > the infection. List members start reporting that Sheeza Doe > <_sheeza@isp.com> is sending out virus messages! Being a terrific list > manager (and you are, aren't you?) you head for your utilities page to > unsub this poor woman till she gets her machine cleaned up, but alas!... > there is NO sheeza in the membership, nor is there anyone from isp! The > message everyone received said it's from Sheeza Doe <_sheeza@isp.com> > simply because Sheeza was in Ima's computer! Get that??? <g> (I've > been working at this for a while folks, and am feeling a little uhm... > "creative" here! If the Ima's and Sheeza's get you all fouled up, > change the Ima to Jane and the Sheeza to son, John.) > > Symantec reports: If SMTP (user) information can be found on the current > computer, then it will be used for the From: field. Otherwise, the From: > field will be one of: > > "Mary L. Adams" <mary@c-com.net> > "Monika Prado" <monika@telia.com> <--- I've had this one several times > "Support" <support@cyberramp.net> > "Admin" <admin@gte.net> > "Administrator" <administrator@border.net> > "JESSICA BENAVIDES" <jessica@aol.com> > "Joanna" <joanna@mail.utexas.edu> > "Mon S" <spiderroll@hotmail.com> > "Linda" <lgonzal@hotmail.com> > "Andy" <andy@hweb-media.com> > "Kelly Andersen" <Gravity49@aol.com> > "Tina" <tina0828@yahoo.com> > "Rita Tulliani" <powerpuff@videotron.ca> > "JUDY" <JUJUB271@AOL.COM> > "Anna" <aizzo@home.com> > > However, we're all receiving messages from a host of other names, > including those we don't know (like <_sheeza@isp.com>?). > > >From a message in the field: "I just discovered a problem when searching > for FROM: addresses that start with <"_">. There is a problem with > people who have their email program set to show both their name and > email address in the FROM: header. If such a person is infected, mail > from him/her will show, in the header, something like the following: > > "John Doe" <_johndoe@wherever.com> > > "The FROM: element in the header you see before you open the email will > show only "John Doe". That's a problem. Either set up a filter to > divert infected emails to a separate mailbox, or make sure your system > is COMPLETELY protected before you open or preview any more emails.)" > To notify the person who has the infected machine, simply remove the > leading '_' from their email address. > > WHAT CAN YOU DO? > > 1.) Insure that your antivirus software has been updated since November > 25, 2001. Anything before that will not give you the protection you > need from this strain of BadTrans. Because of the mutations this strain > appears to be doing, most people are updating DAILY now. > > 2.) Keep your antivirus program running at all times. You just never > know when you'll be the next "recipient." > > 3.) Stay calm. Realize and remember that N0 virus is currently capable > of passing through a RootsWeb list. Rootsweb's filters are set to very > high. However, BadTrans.B makes it *APPEAR* that this is happening, and > uses list messages as a source for new targets. Unsubscribing from the > list will do you no good if your email address is already in someone > else's computer and that machine becomes infected. > > MICROSOFT OUTLOOK USERS BE SURE TO READ THIS! > > Particularly vulnerable to the BadTrans.B virus are those users of > Outlook (not Outlook Express). It's imperative that Outlook users NOT > open suspicious emails, or even preview them. Outlook users will infect > their computers simply by opening or previewing infected email. Since > these infected messages have no attachments to click on in order to > activate the virus, just opening the message activates the virus through > HTML coding embedded in the post. Again, the message size is 29-30K, > but what you see is a blank message. At the point of seeing the blank > message, the computer has been infected. > > Outlook users are advised to view the headers. If a header reports a > sender's address as similar to <_somebody@someisp.com>, DO NOT OPEN IT! > As stated above, opening or even previewing an infected message through > Outlook will activate the virus and cause your system to become > infected. > > Available since May 16, 2001 is a patch for Outlook versions 5.01 and > 5.5 that should be downloaded and installed immediately. MSIE 6.0 > appears not to be affected because the patches for previous versions > have been incorporated into it. You can check to see which patches your > system needs by going to > <http://windowsupdate.microsoft.com/>. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > WINDOWS ME USERS READ THIS! > > Windows ME utilizes a backup utility that backs up selected files > automatically to the C:\_Restore folder. This means that an infected > file could be stored there as a backup file, and VirusScan will be > unable to > delete these files. I have the instructions on how to remove the > infected files from the C:\_Restore folder if you need/want them. > > IDEAS AND COMMENTS FROM THE FIELD (US): > > 1. Are you concerned about even receiving infected messages? Here's an > idea that _might_ work: > Set up a special folder specifically for "Infected Mail." > Then, use your email program's filter to watch and transfer all messages > with the "_" in the header to that "Infected Mail" folder. Make sure > this is the first of your filters. > > 2. Are you emailing people telling them their computer is infected and > that person writes back that it's not? > This is because of the virus sending out the infected messages > without the PC owner's knowledge. The person's machine is "definitely > infected, whatever they may say to the contrary. Keep in mind that the > virus is only contained in the messages that their computer is sending > without their knowledge - not the ones they are sending you > legitimately. That is why you are receiving some virus infected > messages and some virus free. Unless their virus definitions are > up-to-date they could run a virus scan & find nothing. Norton only > updated their definitions to include the latest Badtrans virus this > weekend." It's important that you impress on these owners that their > computer IS indeed, infected and they need to take care of it. > > 3. "In your address book ADD NEW Contact..... !0000 exactly like this. > It puts this address first in your book and STOPS the virus from sending > to your list..." > This is a hoax, I'm afraid. It doesn't work. You'll find > information about the "!0000" hoax at > <http://antivirus.about.com/library/weekly/aa082801b.htm>. > > 4. Have you heard of MailWasher <http://www.mailwasher.net>? Though I > haven't tried it, here's a user's comment regarding that FREE program: > "I can view, identify and delete the viruses while they are > still on the ISP server. They never get to my computer." > Hmmm... perhaps it's worth checking out? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > You've done it! You've made it to the end! > > Once again let's keep this off the list. If you have any questions > you're welcome to email me <ladyaudris@earthlink.net>. > > I wish you a TERRIFIC Tuesday! :) Stay vigilant; stay alert ... keep > your computer safe! > > -------------------------------------------------------------------- > > For even more info see; > > You can read about this virus and how to remove it from your system on > the Norton Symantec site ... > http://www.symantec.com/avcenter/ > http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html > > Also for more info; > http://www.antivirus.com/vinfo/ > > ---------------------------------------------------------------------- > > > ==== OREGON Mailing List ==== > Welcome to the OREGON LIST > To Search the OREGON-L or leave the lists use this link to the Oregon-L > web site http://lists.rootsweb.com/index/usa/OR/misc.html > > ============================== > Visit Ancestry.com for a FREE 14-Day Trial and enjoy access to the #1 > Source for Family History Online. Go to: > http://www.ancestry.com/rd/redir.asp?targetid=702&sourceid=1237

Hi Linda This virus is not really using attachments. Lots of them do not use attachments, they are automatic as you read the message Other types of Virus do not use mail at all so I urge people to be more prepared for virus's there are just too many to evenmention a few are Macro,Bios,Boot sector, e-mail, attachments, spiders , Trojans , website etc: You can log on the net and not do any thing, and without AV and ZA you can get a virus . Some help on my site with links to places for help. Dan = list admin Genealogy Community http://www.wvi.com/~wb/ By working together, with everyone contributing on topic we will all learn together Teach in Peace , Learn with respect. ----- Original Message ----- From: Linda L Nichols <famtree51@yahoo.com> To: <OREGON-L@rootsweb.com> Sent: Wednesday, November 28, 2001 6:22 PM Subject: Re: [OREGON] VIRUS Alert from ListMom - PLEASE READ!!! > I have read a lot of information on virus descriptions. Below is a > completely confusing bunch of I don't know what. > If you can't tell a person simply how to recognize the virus. Don't send a > description at all. > > Three lines of the message below is all that is needed. > > Update your virus software > > Watchourt for any attachments that you weren't expecting! > > And Outlook User read special instructions. <<<snipped>>>