Hi Everyone, This virus has a very high penetration rate and is successful in the payload. The virus is undetectable in some instances because it is embedded in HTML. It appears there's a new strain of the Bad Trans virus running rampant through the maillist subscribers. This one is the <W32.Badtrans.B@mm>. For benefit of you newbies, the BadTrans is a nasty little worm that gets into your computer and mails out messages without your knowledge. This new version of the worm also drops a backdoor trojan that logs keystrokes. Those messages contain an attachment with the virus. A quick lesson here for those of you who don't know ... 1. You should ALWAYS be extremely cautious when it comes to opening attachments. If you receive one that you didn't expect, before opening it write back to the sender to see if s/he mailed something to you and find out what it is. 2. You will NEVER receive a virus through a RootsWeb maillist, but if listmembers get infected, their computer may send you the virus, which *may* have a list subject line. 3. This new strain of BadTrans is going to make life difficult for a LOT of people. Note the differences: The first wave of BadTrans virus messages always had a standard "Take a look to the attachment." at the end of the message but above the attachment. Also, those messages had double extensions (for example: filename.exe.pif OR filename.doc.scr OR filename.txt.exe OR any other combination of extensions), know immediately that your message is holding a virus. Do not open the attachment, but delete it immediately. According to people who have already received infected messages this newer strain of BadTrans virus is even nastier than the first because it is undetectable in some instances because it is embedded in HTML, the attachment may not show or there is a false (second) extension. It appears to have filename.doc or filename.txt BUT THE REAL EXTENSION (.scr or .exe) IS 59 SPACES TO THE RIGHT. Also, the message size will be around 29 or 30k even if no words shows up. Many of the messages are blank. One other clue, the email addresses of the sending computers is altered by having an underline character preceeding the address <_ComputerUser@isp.com>. You are strongly encouraged to keep your virus protects updated on a daily basis ~ or at least every other day. If you receive an infected message please do two things: 1. Advise the family of the fact you've received an infected message and from whom. 2. Send me the name and email address of the person with the infected computer as well as the list name If YOU have the infected computer I will unsubscribe you from the maillist until you've cleaned your machine and let me know about it. This is for protection of the other subscribers computers. You can read about this virus and how to remove it from your system on the Norton Symantec site ... http://www.symantec.com/avcenter/ http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html If you have any questions or comments you're welcome to email me mmcmanness@mindspring.com. I hope this information helps. If you have problems or further questions please let me know. :-) Thanks, Mike ************************* Michael G. McManness, a Jayhawk through and through, eating, sleeping, breathing, and bleeding Crimson and Blue near the University of Kansas. Family genealogist and research historian. "Character may be manifested in the great moments, but it is made in the small ones." --- Phillip Brooks *************************