You know I would never post a virus warning to my mailing list's unless I thought it was important. I hope you all remember around the middle of last year or so when the Badtrans32 virus was making it's rounds? Well, it's back as a different strain this time. Due to the nature and the way it was spread, this particular virus hit the Rootsweb mailing list pretty hard, so I am passing information on to my lists that was sent to me in the hope that it can be prevented from spreading. I have personally received this virus at least four times so far over the holiday, and I can tell you that your best defense is NOT TO OPEN ANY ATTACHMENTS, even from people you know unless you can verify that they sent you an attachment. This virus is not spread THROUGH Rootsweb's mailing lists, but attaches itself to unread mail in an infected computer's inbox, and sends itself back out. Thus, some of the messages MAY have subject lines that are pertinent to the Rootsweb mailing list that you may be subscribed to. It also alters the person's e-mail address by adding a slash so that it bounces back to you and you can't notify the person that they are sending a virus. Removing the slash from the e-mail addy fixes the address so that it no longer bounces. Info as follows: Dear All: The message below is from Sue on the TSL list and she states the situation quite clearly. The difficulty is that the attachment may not show or there is a false extension. It appears to have xxx.doc or xx.txt but the real extension ( .scr.or .exe) is 59 spaces to the right. So even if you get a email from a trusted source ( me or others) and there is no message etc, be very careful. It will also show about 29 or 30k as the size of the message. So that is a dead giveaway in that there is 30 k of message and it doesn't show up anyway . Many of you will remember the "badtrans" virus last August. People seemed to wise-up about that one, but now there is another _strain_ of the badtrans virus called W32.Badtrans.B@mm and I have received quite a few of them ... some from current list members. I am Bcc'ing those list members whose computers are infected, so if you receive a copy of this message without the [TSL] prepend, please quickly go to the link below to learn how to clean the virus out of your computer. You will NEVER receive a virus through the list, but if listmembers get infected, their computer may send you the virus, which _may_ have a list subject line. My Norton "anti-virus" program is doing a very good job of detecting, but Norton doesn't seem to have a complete write-up about this one. They do mention the file extensions etc., but they don't mention how the email will appear or whether there is a message or not. My experience has been that only one has arrived with a subject line from a list post, the others simply have a "Re:" in the subject line. I have seen no message (but maybe Norton is deleting that too) Most of those I have received have come from Australian or New Zealand email addresses, so they must have gotten it first. Also, I don't know whether my Norton is doing this (the write-up doesn't say) but the email addresses of the sending computers is altered by having an underline character preceeding the address, such as <_emailaddress@optusnet.com.au> PLEASE remember to make sure you have up-to-date Anti Virus software, AND remember to update the Virus definitions regularly. There are a lot of good Anti Virus programs out there (I use Norton) but they aren't any good unless you update them. You can read about this virus and how to remove it from your system on the Norton Symantec site ... http://www.symantec.com/avcenter/ http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html