ESSEX-UK-L Archives



From: "Rigby" <>
Subject: Virus
Date: Fri, 4 May 2001 10:17:27 -0400


Sorry folks! I just got this virus from Jeffrey. Please don't open any
attachments from me. Below is the email with instructions, should you get
the virus.

Jean Rigby (researching Gargrave, Hull, Warren, Lodge, Little)

----- Original Message -----
From: "Jeffrey jones" <>
To: <>
Sent: Thursday, May 03, 2001 8:40 AM
Subject: Virus


> Hi Everyone
>
> I am sorry to say my computer has been infected with a virus. If you
> receive an email from me and it has an attachment please don't open it. I
> will send another email when I am sure everything is ok again.
>
> I will also unsubscribe from the list.
>
> Below is an email I received to help me.
>
> Kim.
>
> Sorry, Kim
> It was a virus. I got the same thing the same way. Following are
> instructions on how to remove it which I received:
>
> Your computer is infected with the Badtrans Virus.
> Below are instructions for removing it from your computer.
> The virus concerned is (according to the McAfee Virus Information Library)
> W32/Badtrans @MM.
>
> The virus is not transmitted via the list, but attaches itself to replies it
> generates from unread incoming messages. That means that if you have unread
> messages from the list in your mailbox, it will send itself out to the
> originators of those messages.
>
> If you receive a message with some of the text of a message which you have
> sent to somebody, or the list, with an additional line reading: 'Take a look
> to the attachment', and which has an attachment with any of the following
> names (or anything else you are suspicious of), do not open the attachment:
>
> Card.pif
> docs.scr
> fun.pif
> hamster.ZIP.scr
> Humor.TXT.pif
> images.pif
> New_Napster_Site.DOC.scr
> news_doc.scr
> Me_nude.AVI.pif
> Pics.ZIP.scr
> README.TXT.pif
> s3msong.MP3.pif
> searchURL.scr
> SETUP.pif
> Sorry_about_yesterday.DOC.pif
> YOU_are_FAT!.TXT.pif
>
> The virus is very crafty in that if you do run the file in the attachment by
> attempting to open it, it will give an error message which makes it appear
> that the file is corrupt. If you do see, or have seen this message in the
> last few days (the virus was discovered around the 11th of this month), your
> computer is infected and will start sending out messages to other people.
>
> The best way to get rid of it is to use one of the virus scanning packages
> that others have mentioned. Make sure that you download a new copy of your
> package or its data files though as this is a new virus and old scanners may
> not detect it.
>
> If you want to do the job manually, you have to use Regedit to delete
> registry keys which have 'kern32.exe' as the value (if you search using
> Regedit, it will find about three entries for this but two of them are for
> the search itself).
>
> You will then need to edit WIN.INI and remove the entry for running
> INETD.EXE at startup. Then restart your computer and find and delete the
> INETD.EXE file from your Windows directory, and the files KERN32.EXE and
> HKSDLL.DLL from your Windows\System directory. You cannot delete these files
> without removing the key and .ini file entry first and restarting the
> computer as you will be told that the files are in use by Windows if you
> try.
>
> If any of the above instructions are in any way unclear to you, use an
> anti-virus package instead as it is possible to cause a lot of damage if you
> are not sure what you are doing in the system registry or system folders.
>
>
> Kim Jones
>
> Kim Jones
>
>
>
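
Added example, not part of the original messages: a small mail check for the two signs the quoted instructions describe, an attachment whose real final extension is .pif or .scr (often behind a decoy such as .TXT or .DOC) and the added line 'Take a look to the attachment'. The extension sets are taken from the names listed above; the sample message and its example.org addresses are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Final extensions Windows runs as programs; both appear in the list above.
EXECUTABLE_EXTS = {".pif", ".scr"}
# Decoy inner extensions seen in the listed names (e.g. README.TXT.pif).
DECOY_EXTS = {".txt", ".doc", ".zip", ".avi", ".mp3"}
MARKER = "take a look to the attachment"  # line added to the reply, per the post

def classify_name(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) == 3 and "." + parts[1] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Return a list of findings for one message given as RFC 822 text."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and MARKER in body.get_content().lower():
        findings.append("marker-line")
    for part in msg.iter_attachments():
        name = part.get_filename()
        kind = classify_name(name) if name else None
        if kind:
            findings.append(f"{kind}:{name}")
    return findings

def build_sample():
    """Constructed sample: a reply quoting earlier text, with a decoy-named file."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "list@example.org"
    m["Subject"] = "Re: Warren family"
    m.set_content("> text of your earlier post\nTake a look to the attachment\n")
    m.add_attachment(b"\x00placeholder", maintype="application",
                     subtype="octet-stream", filename="README.TXT.pif")
    return m.as_string()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The check only reads the message headers and text; it never opens or runs the attachment.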

