BadTrans virus bites Windows users hard
Posted on 26/11/01 15:33 by Guest                             
A new week and new virus trouble is out, so it is time to update the virus scanners and be careful with your email.

Computer users turned on their PCs this morning to find their In-boxes flooded with copies of the latest mass mailing virus.
BadTrans.B is spreading rapidly.

BadTrans.B is a variant of a virus which first appeared in April. It usually arrives as an email with either the subject line Re: (name of file attachment) or Re: (the subject line of a previous message thread). The email contains a double attachment and a name made up of a series of elements which "alternate like a fruit machine", according to Mark Sumner, CTO of MessageLabs.

BadTrans.B uses a known exploit, related to the processing of certain unusual MIME types, in certain versions of Outlook Express 5 so as to launch an attachment automatically. The trick, which was also used by the authors of the Nimda worm, means simply previewing an infected email is enough to get infected. Users who double click on an infected attachment also risk infection.

BadTrans.B uses MAPI to spread and gets target addresses from unread messages in a user's email client. The worm also drops a file named kdll.dll, which is the password-stealing Trojan PWS-AV, on an infected user's PC.



Source: TheRegister
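
The two things a defender can check from the description above, as an added example that is not part of the original article: a mail-gateway test for an executable attachment declared with a media type a client may open inline, and an exact-name test for the dropped kdll.dll. The extension list, the double-extension check, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from pathlib import PureWindowsPath

# Assumed extension list for illustration; tune it for your own gateway policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Types a mail client may render or play inline instead of offering "save as".
INLINE_MAIN_TYPES = {"audio", "image", "video"}


def attachment_findings(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) pairs for attachments worth quarantining."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
        if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
            continue
        # Declared type says "media", file name says "program": a mismatch.
        if part.get_content_maintype() in INLINE_MAIN_TYPES:
            findings.append((name, "executable declared as " + part.get_content_type()))
        # Executable extension hidden behind a harmless-looking one.
        if len(suffixes) > 1:
            findings.append((name, "double extension " + "".join(suffixes[-2:])))
    return findings


def is_dropped_file(path: str, dropped_name: str = "kdll.dll") -> bool:
    """Exact, case-insensitive basename match, so skdll.dll is not a hit."""
    return PureWindowsPath(path).name.lower() == dropped_name


# Constructed sample message (not a captured BadTrans.B mail).
SAMPLE = (
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: Re: report\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
    b"--b1\r\nContent-Type: audio/x-wav; name=\"notes.doc.pif\"\r\n"
    b"Content-Disposition: attachment; filename=\"notes.doc.pif\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for name, reason in attachment_findings(SAMPLE):
        print(f"{name}: {reason}")
```

A file-name match alone only tells you where to look; confirm a hit with a scanner before deleting or quarantining anything.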


Reactions
By Guest, Mon 26 Nov 2001 16:21
Damn I have the kdll.dll file... Should I be alarmed? Let's see what NAV2002 finds...
By Guest, Mon 26 Nov 2001 16:40
Hmm it did find the virus but said 'Can't repair it' :( Well that's a big help...
Sorry GAM3FR3AK, but NAV200x simply SUX. Better get the scanner from www.avp.ch
MarcoR I know it sucks :( ... All the viruses NAV has found for me it doesn't repair
By Guest, Mon 26 Nov 2001 19:21
To GAM3FR3AK: Be sure it's really kdll.dll (trojan) and not skdll.dll (Micro$oft)... if it's the trojan, try to quarantine the file.
By Guest, Tue 27 Nov 2001 04:43
When are they going to hunt down those virus makers and hang them? And while they're at it, why not hang Bill 'security hole' Gates. I get about 20 viruses each day in my mailbox.
By Guest, Tue 27 Nov 2001 05:27
GAM3FR3AK: If NAV says it can't fix it, it's usually because the file is resident in memory and the file is locked by the OS for writing/deletion. Just reboot into DOS and delete the file manually and rerun your NAV to be sure you got it all...
By Guest, Tue 27 Nov 2001 11:19
Thanks all for the help... I'll try some things and see if it works. I got 10 more copies today of the virus via e-mail. Really irritating because the subject line is mostly 'Re:' and I get a lot of mail each day so I usually just open it. Now when I open such an e-mail NAV pops up "You have a virus ... can't repair, blablabla" but Outlook Express (6) does warn me if I want to open the mail because it might contain a virus (and indeed it does). I've always selected No so I wonder if I'm really infected. I do have a proper firewall installed (ZoneAlarm Pro) and no app has tried to connect thus far nor did my mail program send out messages containing the virus (at least none I know of).
1. Don't use Outlook. It is worse than the virus. If no one used Outlook there would be very few viruses. MS should be fined every time a virus came out, then maybe they fix their program.
2. Anti-virus programs don't help in situations like this. New viruses just slip by as the anti-virus programs don't look for new viruses.
3. gamefr3ak: firewall won't help. Unless it is like the Nimda virus which looks for web servers, and again only MS IIS, anyone seeing a pattern here??
