PLEASE READ THE BELOW MESSAGE and the RESPONSE! The computers of these infected people are sending out the virus; they have no idea they have it! It is the BADTRANS virus. Cheryl and the others need to clean their computers and be very careful about attachments that may be coming in from people you know! Please read how to clean up your systems below. I apologize for the non-genealogy intrusion... but please, please read below!

Sheila

----- Original Message -----
From: "Barb Norvell"
Sent: Sunday, June 17, 2001 6:15 AM

Cheryl and list,

Someone is really doing a thing on this list. I not only got an email with Cheryl's name as sender, I also received one with Barbara and Kevin Miller. This also had the same kind of attachment that I received in the name of Cheryl.

DO NOT OPEN ANY OF THESE ATTACHMENTS. I don't know who is doing this, but someone has invaded the genealogy lists and is creating havoc. I, like Cheryl, apologize for sending this to the list, but I felt it very necessary. I have known and corresponded with Cheryl for several years, and she has sent me much information, so I know the virus did not come from her, and I am sure of the same with Barb and Kevin. A very mean-spirited person is invading these lists. The same thing happened on another list, and some people lost all of the info on their hard drive. There was a discussion on another list, and I am going to try and find out the suggestions that were made there. There is a site to go to that you can use to find out if you have a virus.

Barb

> It is the BADTRANS VIRUS!!!!!!!!!!!! HERE IS SOME INFO:

My friend Dan's virus help site: http://www.angelfire.com/or/matney/page1.html

Here is a little more info on this virus. Good luck.

W32.Badtrans.13312@mm
Discovered on: April 11, 2001
Last Updated on: May 4, 2001 at 01:43:06 PM PDT

Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat.

It is a MAPI worm that replies to all unread mails in your email message folders, and drops a backdoor Trojan.

Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Category: Worm
Infection Length: 13312
Virus Definitions: April 11, 2001

Threat Assessment:
  Wild: High
  Damage: Medium
  Distribution: High

Wild:
  Number of infections: 50 - 9999
  Number of sites: More than 10
  Geographical distribution: High
  Threat containment: Easy
  Removal: Easy

Damage:
  Payload:
    Large scale e-mailing: It replies to all unread messages in the message folders within the default MAPI email program.
    Compromises security settings: It drops a backdoor Trojan.

Technical description:
When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:

The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, using one of the following file names:

  Pics.ZIP.scr
  images.pif
  README.TXT.pif
  New_Napster_Site.DOC.scr
  news_doc.scr
  hamster.ZIP.scr
  YOU_are_FAT!.TXT.pif
  searchURL.scr
  SETUP.pif
  Card.pif
  Me_nude.AVI.pif
  Sorry_about_yesterday.DOC.pif
  s3msong.MP3.pif
  docs.scr
  Humor.TXT.pif
  fun.pif

Removal instructions:
Because W32.Badtrans.13312@mm affects different operating systems in different ways, how you remove this worm depends on your operating system. Follow the instructions in the order given.

To remove the worm:
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and then run a full system scan, making sure that NAV is set to scan all files.
3. Delete any files detected as W32.Badtrans.13312@mm.

What you do next depends on whether NAV was able to delete files that it detected as infected with W32.Badtrans.13312@mm:

If NAV was able to delete all files that it detected as infected, do one of the following:
  - If you are using Windows 95/98/Me, skip to the section "To edit the Win.ini file".
  - If you are using Windows NT/2000, and NAV was able to delete all infected files, you are finished.

If NAV was not able to delete all files that it detected as infected, go on to the next section and see the instructions for your operating system.

How to remove files that cannot be deleted by NAV:
Follow the instructions for your operating system only if NAV could not delete files that it detected as infected with W32.Badtrans.13312@mm.

Windows 95/98/Me:
1. Restart the computer in Safe mode. For instructions on how to restart in Safe mode, see the document "How to restart Windows 9x or Windows Me in Safe Mode".
2. Run the scan again and delete any files detected as W32.Badtrans.13312@mm.
3. When the scan is finished, go on to the section "To edit the Win.ini file".

Windows NT with FAT32/FAT16:
1. Restart the computer in VGA mode and run the scan again.
2. Delete any files detected as W32.Badtrans.13312@mm.
3. Restart the computer to complete the removal procedure.

Windows 2000 with FAT32/FAT16:
1. Restart the computer in Safe mode. For instructions on how to restart in Safe mode, see the document "How to start Windows 2000 in Safe Mode".
2. Run the scan again and delete any files detected as W32.Badtrans.13312@mm.
3. Restart the computer to complete the removal procedure.

Windows NT/2000 with NTFS:
Removal on Windows NT/2000 with NTFS is a bit more complex, as you first must edit the registry.

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document "How to back up the Windows registry" before proceeding. This document is available from the Symantec Fax-on-Demand system. In the U.S. and Canada, call (541) 984-2490, select option 2, and then request document 927002.

1. Click Start, and then click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the following subkey:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
4. In the right pane, delete the following value:
   Kernel32   KERN32.EXE
5. Navigate to the following subkey:
   HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
6. In the right pane, delete the following value:
   run   <path>\Inetd.exe
7. Exit the Registry Editor.
8. Restart the computer.
9. Run the scan again and delete any files detected as W32.Badtrans.13312@mm.

This completes the removal procedure for users of Windows NT/2000 with NTFS.

To edit the Win.ini file:
If you are running Windows 95/98/Me, you must also do the following:
1. Click Start, and then click Run.
2. Type the following and then click OK:
   edit c:\windows\win.ini
   NOTE: If you have installed Windows to a different location, make the appropriate substitution.
3. In the [windows] section, locate the run= line. It will look similar to the following:
   run=c:\windows\inetd.exe
4. Remove the text to the right of the = sign, so that the line now reads:
   run=
5. Save your changes and exit the System Configuration Editor.

Write-up by: Peter Ferrie
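Two pieces of the write-up above lend themselves to a small script: the list of attachment names the worm uses (all of them .scr or .pif files, often behind a second, harmless-looking extension), and the "To edit the Win.ini file" steps, which blank the run= value in the [windows] section. The following is an added example, not Symantec's or the list's own code; the win.ini text is constructed to match the sample line in step 3, and the 'suspicious' class (any other .scr/.pif attachment) is a generalization beyond the listed names.

```python
# Attachment file names quoted in the W32.Badtrans.13312@mm write-up.
BADTRANS_ATTACHMENTS = {
    "Pics.ZIP.scr", "images.pif", "README.TXT.pif", "New_Napster_Site.DOC.scr",
    "news_doc.scr", "hamster.ZIP.scr", "YOU_are_FAT!.TXT.pif", "searchURL.scr",
    "SETUP.pif", "Card.pif", "Me_nude.AVI.pif", "Sorry_about_yesterday.DOC.pif",
    "s3msong.MP3.pif", "docs.scr", "Humor.TXT.pif", "fun.pif",
}
KNOWN_LOWER = {n.lower() for n in BADTRANS_ATTACHMENTS}
EXEC_EXT = {"scr", "pif"}  # screensaver and PIF files both execute as programs

def classify_attachment(name: str) -> str:
    """'known' = a name from the write-up, 'suspicious' = any other .scr/.pif, else 'ok'."""
    if name.lower() in KNOWN_LOWER:
        return "known"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return "suspicious" if ext in EXEC_EXT else "ok"

# Constructed win.ini sample, shaped like the line shown in removal step 3.
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=\r\n"
    "run=c:\\windows\\inetd.exe\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)

def clear_winini_run(ini_text: str, worm_exe: str = "inetd.exe"):
    """Blank the [windows] run= value if it references worm_exe (steps 3-4 above).
    Keeps the run= key and every other line untouched; returns (text, changed)."""
    out, changed, section = [], False, None
    for line in ini_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]  # preserve CRLF or LF as found
        if body.startswith("[") and body.endswith("]"):
            section = body[1:-1].strip().lower()
        elif section == "windows" and "=" in body:
            key, value = body.split("=", 1)
            if key.strip().lower() == "run" and worm_exe in value.lower():
                line, changed = "run=" + eol, True
        out.append(line)
    return "".join(out), changed

if __name__ == "__main__":
    for n in ("Card.pif", "invoice.DOC.scr", "family_tree.ged"):
        print(n, "->", classify_attachment(n))
    cleaned, changed = clear_winini_run(SAMPLE_WIN_INI)
    print("win.ini changed:", changed)
    print(cleaned)
```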