I have just returned and had over 4,000 messages waiting for me. I have not
been on the net for over two months. Please tell me what I am suppose to be
looking out for in regard to this virus.
Beth
-----Original Message-----
From: Pam Hart <pshart1(a)voyager.net>
To: CAMPBELL-L(a)rootsweb.com <CAMPBELL-L(a)rootsweb.com>
Date: Tuesday, April 17, 2001 4:17 PM
Subject: Fw: [0418.94.mary] TROJ_BADTRANS.A help!
Dear Family, Friends and Fellow Researcher,
First let me appoligise to those of you who will be getting this more then
once. Unfortunatly, I have gotten this virus going around, and I know some
of you don't know how to get rid of it, as I didn't. I have written to the
virus doctor at Trend Micro and this is the responce I recieved to get rid
of it. I felt this would be the easies way to let you know how to rid
yourself of this virus if you don't know how. This is the answer I
recieved.
I hope it helps someone, and if I have been responsiable for any of
you
recieving this I am sorry. Unfortunatly I tried to open the file I recieved
from George on the Campbell list and that is how I got it. Pam Hart
-----Original Message-----
From: Virus Doctor at US <Virus_Doctor(a)trendmicro.com>
To: 'Pam Hart' <pshart1(a)voyager.net>
Date: Tuesday, April 17, 2001 10:20 PM
Subject: RE: [0418.94.mary] TROJ_BADTRANS.A help!
>Dear Customer,
>
>Greetings of peace.
>
>Please delete the following:
>
>inetd.exe found in the win.ini file or in the registry.
>
>hksdll.dll in the windows\system directory.
>
>KERN32.EXE is also detected as TROJ_BADTRANS.A.
>
>If you can't delete the detected file/s please follow the steps below:
>
>1. Take note of the location of the detected file
>2. Reboot your system to DOS prompt. If you can't find this option you may
>restart your system then before the Windows logo appear, immediately press
>F8.
>3. You will be seeing the Windows Startup Menu.
>4. Choose the Command prompt only option. This will take you to a command
>prompt.
>5. from c:\ prompt delete the file
>
>syntax: in c:\ prompt type DEL <file location><filename> hit ENTER key
>example DEL c:\windows\system\GDI32.exe
>
>6. Reboot the machine normally.
>
>This memory resident Internet worm propagates via email clients that use
>Windows sockets, such as Microsoft Outlook and Outlook Express. It replies
>to all unread email messages with itself attached to the email. The email
>sent by the worm has the same subject header and message body as the
>original email. The name of the sender will be the name of the user who is
>currently logged on to the infected computer. This worm also modifies
>WIN.INI so that it is executed at the next re-boot.
>
>Below is the hyperlink which describes TROJ_BADTRANS.A and how to remove
it.
>
><http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BADTR
A
N
>S.A>
>
>Scan your system again and delete all file/s detected as TROJ_BADTRANS.A.
>
>A Trojan horse is a program that performs some unexpected or unauthorized,
>usually malicious, actions, such as displaying messages, erasing files or
>formatting a disk. A Trojan horse doesn't infect other host files, thus
>cleaning is not necessary. To get rid of a Trojan, simply delete the
>program.
>
>Please update your pattern file and scan engine regularly to keep you safe
>from virus attack.
>Download the latest pattern at this site:
><http://www.antivirus.com/download/pattern.asp>
>Download the latest scan engine at this site:
><http://www.antivirus.com/download/engines>
>
>If you have any other inquiries, please feel free to contact us. Thank
you
>and have a nice day!
>
>-----Original Message-----
>From: Pam Hart [mailto:pshart1@voyager.net]
>Sent: Tuesday, April 17, 2001 12:09 AM
>To: Virus Doctor at US
>Subject: TROJ_BADTRANS.A help!
>
>
>Dear Doc,
>
>I recieved this virus, Sat. and found out from your site that it is in 3
>files.
>C:\windows\system\kern32
>C:\system\hksdll.dll
>C:\INETD.EXE
==============================
Search over 1 Billion names at
Ancestry.com!
http://www.ancestry.com/rd/rwlist1.asp