Here's some information about the virus that is infecting many of our computers. It has been suggested that I pass it on to you all. I appreciate the concern and hope this helps. Barb S. List Administrator Dear List Administrator: I am a subscriber to ______ and received an email tonight, seemingly from the List, containing the BadTrans Virus attachment, details below. My Norton caught and quarantined it, I have taken all the necessary steps, and I'm clean! Just thought you should be aware, and possibly advise our subscribers to be on the lookout for it. If you haven't heard of the new strain, I'm also including a copy of the info email from ______, our _____ list administrator, which provides all the info, as well as Symantec's site. Thanks -- ___________ > EVERYONE PLEASE READ AND KEEP THIS MESSAGE: DO *NOT* OPEN ANY > ATTACHMENTS RIGHT NOW > >Hi everyone, > >It appears there's a new strain of the Bad Trans virus running rampant >through the lists. This one is the <W32.Badtrans.B@mm>. For benefit >of you newbies, the BadTrans is a nasty little worm that gets into your >computer and mails out messages without your knowledge. This new >version of the worm also drops a backdoor trojan that logs keystrokes. >Those messages contain an attachment with the virus. > >A quick lesson here for those of you who don't know ... > >1. You should ALWAYS be extremely cautious when it comes to opening >opening attachments. If you receive one that you didn't expect, before >opening it write back to the sender to see if s/he mailed something to >you and find out what it is. > >2. You will NEVER receive a virus through the list, but if listmembers >get infected, their computer may send you the virus, which *may* have a >list subject line. > >3. This new strain of BadTrans is going to make life difficult for a >LOT of people. Note the differences: > >The first wave of BadTrans virus messages always had a standard "Take a >look to the attachment." at the end of the message but above the >attachment. Also, those messages had double extensions (for example: >filename.exe.pif OR filename.doc.scr OR filename.txt.exe OR any other >combination of extensions), know immediately that your message is >holding a virus. Do not open the attachment, but delete it immediately. > >According to people who have already received infected messages this >newer strain of BadTrans virus is even nastier than the first because >the attachment may not show or there is a false (second) extension. It >appears to have filename.doc or filename.txt BUT THE REAL EXTENSION ( >.scr or .exe) IS 59 SPACES TO THE RIGHT. Also, the message size will be >around 29 or 30k even if no words shows up. One other clue, the email >addresses of the sending computers is altered by having an underline >character preceeding the address <__xyz123@someisp.com>. > >You are strongly encouraged to keep your virus protects updated on a >daily basis ~ or at least every other day. > >If you receive an infected message please do two things: > >1. advise the family of the fact you've received an infected message and >from whom. >2. send me the name and email address of the person with the infected >computer as well as the list name > >If YOU have the infected computer I will unsubscribe you from the list >until you've cleaned your machine and let me know about it. This is for >protection of the cousins' computers. You can read about this virus and >how to remove it from your system on the Norton Symantec site ... >http://www.symantec.com/avcenter/ >http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html > >Stay alert, everyone. >