This version of Badtrans does more than just e-mail itself out to addresses collected from un-opened mail, the temporary Internet cache, and other sources on the infected system (but not from the address book). It also plants a trojan on the infected system and the hacker can then access the system and steal passwords, credit card numbers etc. It is not necessary to open an attachment for this virus to take effect ...it is embedded in the (usually blank) email's body, and will go into action as soon as the message is opened or even viewed in the pre-view pane! :o( I am extremely surprised that Vet says it doesn't do much harm. McAfee, Symantec (Norton) and Trend (HouseCall & PCillian) all warn of the dangers of this vile thing and many sites now have special tools to ensure that all traces of it are removed from infected systems. This subject has been discussed at great length on the Virus-discussion group at RootsWeb for the past week. Everyone should ensure that the definitions for their anti-virus programs are dated as being no older than 24 November, preferably more recent. Lyndall Canberra ----- Original Message ----- > How cute is the timing! > > A message from Jill Kealey McRae has an attachemnt which, as received by me was New_Napster_Site.MP3.pif. > > This is a fairly annoying worm called Badtrans.29020. It attaches itself to all email for despatch when the attachment is opened but does not do any other damage according to the description at www.vet.com.au - the latest version was released into the wild on 27/11/01. > > One problem is thatit modifies the email senders address so that reply to warn 'you appear to have an infection' is not possible. > > Jim Mackay >

"BadTransB", a virus which started in Europe on the 24th of Nov. and hit here on the 27th. sends emails to all, not in your address book but in your list of emails, it never contacts the same person twice and does little harm to your computer butttttttt The internet states: It creates a log file " KDLL.DLL " and a file "CP_25389.NLS" The actual file that runs is "KERNEL32.EXE" You should now do a search or find to see if any of these files are resident on your computer and delete them if you find them. Internet sites inform me that the first two files can log your passwords etc. and send them back to the producer of this virus so change any bank or sensitive passwords now! There is more work that that. I went many places for answers, but used the info at www.Europe.f-secure.com/v-descs/badtrs_b.shtml as the best place for answers that you can act on. Not all who got blank messages got bitten, I hope this applies to you but take the time to at least search for those *** files for your own sake. Sorry for any inconvenience Lawrence Nicoll PS (after doing what it said, installing the new version of my anti-virus, all seems ok) ----- Original Message ----- From: "Lyndall" <[email protected]> To: <[email protected]> Sent: Sunday, December 02, 2001 2:03 PM Subject: Re: [RossGen] Virus Warning - Urgent > This version of Badtrans does more than just e-mail itself out to addresses > collected from un-opened mail, the temporary Internet cache, and other > sources on the infected system (but not from the address book). It also > plants a trojan on the infected system and the hacker can then access the > system and steal passwords, credit card numbers etc. > > It is not necessary to open an attachment for this virus to take effect > ...it is embedded in the (usually blank) email's body, and will go into > action as soon as the message is opened or even viewed in the pre-view pane! > :o( > > I am extremely surprised that Vet says it doesn't do much harm. McAfee, > Symantec (Norton) and Trend (HouseCall & PCillian) all warn of the dangers > of this vile thing and many sites now have special tools to ensure that all > traces of it are removed from infected systems. > > This subject has been discussed at great length on the Virus-discussion > group at RootsWeb for the past week. > > Everyone should ensure that the definitions for their anti-virus programs > are dated as being no older than 24 November, preferably more recent. > > Lyndall > Canberra > > ----- Original Message ----- > > > How cute is the timing! > > > > A message from Jill Kealey McRae has an attachemnt which, as received by > me was New_Napster_Site.MP3.pif. > > > > This is a fairly annoying worm called Badtrans.29020. It attaches itself > to all email for despatch when the attachment is opened but does not do any > other damage according to the description at www.vet.com.au - the latest > version was released into the wild on 27/11/01. > > > > One problem is thatit modifies the email senders address so that reply to > warn 'you appear to have an infection' is not possible. > > > > Jim Mackay > > > > > ==== ROSSGEN Mailing List ==== > To remove your email address from this list, visit this url: http://homepages.rootsweb.com/~cheps/maillist.htm