Thank you for sending this message.
Elaine

----- Original Message -----
From: "jreece" <jreece@icx.net>
To: <TNMEIGS-L@rootsweb.com>
Sent: Friday, July 13, 2001 6:26 PM
Subject: [{Meigs Co., TN}] Fw: Computer Virus Information from a Friend!

> Joyce G. Reece, Rootsweb Listminder for
> South East Tennessee, North East Tennessee,
> Meigs County Tennessee and the surnames of
> Raper, Gilbreath, Knuckles and Hembree
> ----- Original Message -----
> From: <TNMeigs-admin@rootsweb.com>
> To: <TNMeigs@rootsweb.com>
> Sent: Friday, July 13, 2001 4:29 PM
> Subject: Computer Virus Information from a Friend!
>
> > Greetings, TNMeigs@rootsweb.com
> >
> > I thought you would be interested in knowing about this computer Virus...
> >
> > Name: W32/Badtrans@MM
> >
> > Characteristics:
> > This mass mailing worm attempts to send itself using Microsoft Outlook by
> > replying to unread email messages. It also drops a remote access trojan
> > (detected as Backdoor-NK.svr with the 4134 DATs; detected heuristically
> > as New Backdoor prior to the 4134 DAT release).
> >
> > When run, the worm displays a message box entitled, "Install error" which
> > reads, "File data corrupt: probably due to a bad data transmission or bad
> > disk access." A copy is saved into the WINDOWS directory as INETD.EXE and
> > an entry is entered into the WIN.INI file to run INETD.EXE at startup.
> > KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a keylogger DLL detected
> > as DUNpws.av) are written to the WINDOWS SYSTEM directory, and a registry
> > entry is created to load the trojan upon system startup.
> >
> > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
> >
> > Note: Under WinNT/2K, an additional registry key value is entered
> > instead of a WIN.INI entry:
> >
> > HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE
> >
> > Once running, the trojan attempts to mail the victim's IP Address to the
> > author. Once this information is obtained, the author can connect to the
> > infected system via the Internet and steal personal information such as
> > usernames and passwords. In addition, the trojan also contains a
> > keylogger program which is capable of capturing other vital information
> > such as credit card and bank account numbers and passwords.
> >
> > The next time Windows is loaded, the worm attempts to email itself by
> > replying to unread messages in Microsoft Outlook folders. The worm will be
> > attached to these messages using one of the following filenames (note that
> > some of these filenames are also associated with other threats, such as
> > W95/MTX.gen@M, http://vil.nai.com/vil/dispVirus.asp?virus_k=98797):
> >
> > Card.pif docs.scr fun.pif hamster.ZIP.scr Humor.TXT.pif images.pif
> > New_Napster_Site.DOC.scr news_doc.scr Me_nude.AVI.pif Pics.ZIP.scr
> > README.TXT.pif s3msong.MP3.pif searchURL.scr SETUP.pif
> > Sorry_about_yesterday.DOC.pif YOU_are_FAT!.TXT.pif
> >
> > The message body may contain the text: Take a look to the attachment.
> >
> > AVERT first received an intended version of this worm
> > (10,623 bytes) on April 11 from a company in New Zealand.
> >
> > To check your system for this Virus, and to learn how to protect yourself
> > from computer viruses, visit the McAfee.com Clinic at
> > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103.
> >
> > For complete information on this Virus, view McAfee.com's Virus
> > Information Library listing at
> > http://vil.mcafee.com/dispVirus.asp?virus_k=99069.
> >
> > This email was sent to you by Joyce Reece

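A mail-filter check for the attachment names listed in the forwarded advisory, as an added example that is not part of the original messages or of McAfee's write-up. It flags the exact filenames from the list and, going one step beyond the list, any attachment that ends in .pif or .scr behind one of the decoy extensions the list uses; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Attachment names copied from the W32/Badtrans@MM advisory quoted above.
ADVISORY_NAMES = {n.lower() for n in (
    "Card.pif", "docs.scr", "fun.pif", "hamster.ZIP.scr", "Humor.TXT.pif",
    "images.pif", "New_Napster_Site.DOC.scr", "news_doc.scr",
    "Me_nude.AVI.pif", "Pics.ZIP.scr", "README.TXT.pif", "s3msong.MP3.pif",
    "searchURL.scr", "SETUP.pif", "Sorry_about_yesterday.DOC.pif",
    "YOU_are_FAT!.TXT.pif")}

# Generalisation (assumption): the decoy extensions seen in that list,
# followed by an extension Windows treats as a program.
DECOY = re.compile(r"\.(txt|doc|zip|avi|mp3)\.(pif|scr)$", re.IGNORECASE)

def classify(filename):
    """Return the reasons an attachment name is suspicious (empty if none)."""
    name = filename.strip().lower()
    reasons = []
    if name in ADVISORY_NAMES:
        reasons.append("advisory-name")
    if DECOY.search(name):
        reasons.append("decoy-double-extension")
    elif name.endswith((".pif", ".scr")):
        reasons.append("executable-extension")
    return reasons

def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename and classify(filename):
            findings[filename] = classify(filename)
    return findings

def build_sample():
    """Constructed test message: one harmless attachment, one from the list."""
    msg = EmailMessage()
    msg["Subject"] = "Re: family reunion"
    msg.set_content("Take a look to the attachment.")
    msg.add_attachment("meeting notes", filename="minutes.txt")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="README.TXT.pif")
    return msg.as_string()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
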
No problem, Elaine. Hope it helps.

Joyce G. Reece, Rootsweb Listminder for
South East Tennessee, North East Tennessee,
Meigs County Tennessee and the surnames of
Raper, Gilbreath, Knuckles and Hembree

----- Original Message -----
From: "Elaine and Bob McDowell" <elainej@arn.net>
To: <TNMEIGS-L@rootsweb.com>
Sent: Friday, July 13, 2001 7:58 PM
Subject: Re: [{Meigs Co., TN}] Fw: Computer Virus Information from a Friend!

> Thank you for sending this message.
> Elaine