I am also loaded with these messages. My ISP was down earlier today, got
on-line when I got home, suddenly, they are everywhere. They say I have it,
but Norton Anti-Virus says I don't have it.
Here's the link to what I found out about it at Symantec:
http://www.symantec.com/avcenter/venc/data/pf/w32.badtrans.b@mm.html
CAT
----- Original Message -----
From: "Tim Stowell" <tstowell(a)chattanooga.net>
To: <GAGEN-L(a)rootsweb.com>
Sent: Sunday, November 25, 2001 5:04 PM
Subject: [GAGEN] For what it's worth
A variation of the Badtrans virus is loose again - I've got about 40 of
them today.
As I saw them downloading - I deleted the attachments - .scr and .pif
but according to the info below, I'm not sure that that was enough.
From a list I'm on:
'It's a variation of the badtran virus.
This one launches itself through a blank email. You don't have to open the
attachment for it to run amok. I don't see any updates on McAfee or
Symantec for it.
This virus eats up every available byte of memory you've got, and I'd guess
would then crash your computer without utilities to recover memory. I know
it's a variation of the badtran, that much I've figured out. It sends
itself out to everyone in your address book, not just unread mail as
previous versions of the badtran. It also launches itself by simply reading
the email since the program is embedded into a blank email. I'd suggest
that you set your email program NOT to show HTML emails, but only in .txt
format. I think that will stop it from launching (but I'm not sure). When
it resends itself, it uses several different file extensions and file names.
So don't count on it being the same as what David said earlier. It won't
be. This one is not writing the "kern32" or "inetd" files onto your root
directory, like the badtran virus did. I haven't figured out what files
were written, but I do know that the system registry was affected, just like
the original badtran. It also seems to resend itself AGAIN every time you
get online. So, expect several copies of it from all us idiots who don't
want to waste disk space on anti-virus programs.'
Tim