Thanks Pauli.
For those who use qwest/uswest as a server they do offer for only 3 dollars
a month to scan your emails for viruses before you receive them. I do this.
They send me a notification of when they detected one and deleted it out.
This is WELL worth having when you do what we do. Especially when your
email address is listed on several county pages, and projects and so on and
anyone that feels mischief that day can just send it off to you!!
I am not sure if there are other servers out there that do this? But it would be
worth looking into!
Sundee
----- Original Message -----
From: pauli <paulismith(a)qwest.net>
To: <COGEN-L(a)rootsweb.com>
Sent: Saturday, April 28, 2001 7:31 AM
Subject: [COGEN] Information on the current Virus Going Around
I never send out virus warnings and alerts - sorry Dawn - but already this
morning I have received several e-mails with this virus attached all sent to
my new email addy. I have no idea how many are infected or where the virus
came from. I know for a fact that most of the email lists I belong to do not
allow attachments, but if someone on the list has the virus, this one will
send itself out to everyone in their addy book and also attempt to reply to
any unanswered emails.
Below is the information on this virus and how to get rid of it. PLEASE
NOTE!!!! when you attempt to open the attachment you will get an error
message that says: "File data corrupt: probably due to a bad data
transmission or bad disk access." Despite your feelings otherwise, YOU ARE
NOW INFECTED!
Pauli
http://www.mcafee.com/anti-virus/viruses/badtrans/?cid=2208
W32/Badtrans@MM Help Center
DESCRIPTION - What virus is this?
W32/Badtrans@MM is a Medium Risk mass-mailing worm that drops a remote
access Trojan. The virus arrives via email in Microsoft Outlook and attempts
to send itself by replying to unread email messages. The email may contain
the text "Take a look to the attachment" in the message body and will
contain an attachment that is 13,312 bytes in length and uses one of the
following names:
Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif
PAYLOAD - What can this virus do?
If the attachment is opened, the worm displays a message box entitled,
"Install error" which reads, "File data corrupt: probably due to a bad data
transmission or bad disk access." A copy is saved into the WINDOWS directory
as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE
at startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid
keylogger DLL) are written to the WINDOWS SYSTEM directory, and a registry
entry is created to load the Trojan upon system startup.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
Once running, the Trojan attempts to mail the victim's IP Address to the
author. Once this information is obtained, the author can connect to the
infected system via the Internet and steal personal information such as
usernames, and passwords. In addition, the Trojan also contains a keylogger
program which is capable of capturing other vital information such as credit
card and bank account numbers and passwords.
==== COGEN Mailing List ====
This list is for the discussion of topics related to the COGenWeb project.
Its primary audience is the county coordinators, state coordinator and
other volunteers for the project.
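
The indicators in the advisory quoted above (the attachment names, the 13,312-byte size, the body text) can be checked before a message is opened. The following Python is an added example, not part of the original messages or of any McAfee or ISP tooling; the function names are hypothetical and the sample messages are constructed, with zero-byte padding standing in for an attachment.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Indicators copied from the advisory text quoted in this thread.
BADTRANS_NAMES = {n.lower() for n in (
    "Card.pif", "docs.scr", "fun.pif", "hamster.ZIP.scr", "Humor.TXT.pif",
    "images.pif", "New_Napster_Site.DOC.scr", "news_doc.scr", "Me_nude.AVI.pif",
    "Pics.ZIP.scr", "README.TXT.pif", "s3msong.MP3.pif", "searchURL.scr",
    "SETUP.pif", "Sorry_about_yesterday.DOC.pif", "YOU_are_FAT!.TXT.pif")}
BADTRANS_SIZE = 13312
BODY_TEXT = "take a look to the attachment"
EXEC_EXTS = {".pif", ".scr"}  # run as programs on Windows despite the name

def scan_message(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 822 message (hypothetical helper)."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            # Unnamed text part: look for the body text the advisory mentions.
            if part.get_content_type() == "text/plain":
                text = part.get_payload(decode=True) or b""
                if BODY_TEXT in text.decode("latin-1").lower():
                    findings.append("body: text named in advisory")
            continue
        payload = part.get_payload(decode=True) or b""
        base = os.path.basename(name.replace("\\", "/")).lower()
        stem, ext = os.path.splitext(base)
        if base in BADTRANS_NAMES:
            findings.append(f"{name}: name listed in advisory")
        # e.g. README.TXT.pif: a document-looking name with a program extension
        if ext in EXEC_EXTS and os.path.splitext(stem)[1]:
            findings.append(f"{name}: double extension hiding {ext}")
        if ext in EXEC_EXTS and len(payload) == BADTRANS_SIZE:
            findings.append(f"{name}: {BADTRANS_SIZE}-byte executable attachment")
    return findings

def build_sample(filename: str, size: int, body: str) -> bytes:
    """Constructed test message; the attachment is padding, not malware."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Re: hello"
    m.set_content(body)
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The double-extension check does not depend on the advisory's name list, so it also flags renamed copies that keep the same disguise.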