RootsWeb.com Mailing Lists
Home

Results for list 'paelk'

Total: 1/1
    1. Re: [PAELK] I don't usually do this but....me either

    3. Sherry, I got nailed by it from a fellow researcher too. Thankfully I realized the minute I hit download, and got myself to McAfee and downloaded their VirusShield. Here is a more intimate description of the virus. Read it carefully because it changes names but the amount of bytes stays the same. I also received this 5 more times, but deleted them. It is running rampid in the genealogy communities. Good luck to all, Terry Fillows4@aol.com W32/Badtrans@MM Help Center DESCRIPTION - What virus is this? W32/Badtrans@MM is a Medium Risk mass-mailing worm that drops a remote access Trojan. The virus arrives via email in Microsoft Outlook and attempts to send itself by replying to unread email messages. The email may contain the text "Take a look to the attachment" in the message body and will contain an attachment that is 13,312 bytes in length and uses one of the following names: Card.pif docs.scr fun.pif hamster.ZIP.scr Humor.TXT.pif images.pif New_Napster_Site.DOC.scr news_doc.scr Me_nude.AVI.pif Pics.ZIP.scr README.TXT.pif s3msong.MP3.pif searchURL.scr SETUP.pif Sorry_about_yesterday.DOC.pif YOU_are_FAT!.TXT.pif PAYLOAD - What can this virus do? If the attachment is opened, the worm displays a message box entitled, "Install error" which reads, "File data corrupt: probably due to a bad data transmission or bad disk access." A copy is saved into the WINDOWS directory as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL) are written to the WINDOWS SYSTEM directory, and a registry entry is created to load the Trojan upon system startup. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunOnce\kernel32=kern32.exe Once running, the Trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the Trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords. www.McAfee.com

    05/05/2001 05:07:55