ESSEX-UK-L ArchivesArchiver > ESSEX-UK > 2001-05 > 0988985608
From: "Rigby" <>
Date: Fri, 4 May 2001 10:17:27 -0400
Sorry folks! I just got this virus from Jeffrey. Please don't open any
attachments from me. Below is the email with instructions, should you get
Jean Rigby (researching Gargrave, Hull, Warren, Lodge, Little)
----- Original Message -----
From: "Jeffrey jones" <>
Sent: Thursday, May 03, 2001 8:40 AM
> Hi Everyone
> I am sorry to say my computer has been infected with a virus. If you
receive an email from me and it has an attachment please don't open it. I
will send another email when I am sure everything is ok again.
> I will also unsubscribe from the list.
> Below is an email I received to help me.
> Sorry, Kim
> It was a virus. I got the same thing the same way. Following is
> instructions on how to remove it which I received:
> Your computer is infected with the Badtrans Virus.
> Below are instructions for removing it from your computer.
> The virus concerned is (according to the McAfee Virus Information Library)
> W32/Badtrans @MM.
> The virus is not transmitted via the list, but attaches itself to replies
> generates from unread incoming messages. That means that if you have
> messages from the list in your mailbox, it will send itself out to the
> originators of those messages.
> If you receive a message with some of the text of a message which you have
> sent to somebody, or the list, with an additional line reading: 'Take a
> to the attachment', and which has an attachment with any of the following
> names (or anything else you are suspicious of), do not open the
> The virus is very crafty in that if you do run the file in the attachment
> attempting to open it, it will give an error message which makes it appear
> that the file is corrupt. If you do see, or have seen this message in the
> last few days (the virus was discovered around the 11th of this month),
> computer is infected and will start sending out messages to other people.
> The best way to get rid of it is to use one of the virus scanning packages
> that others have mentioned. Make sure that you download a new copy of your
> package or its data files though as this is a new virus and old scanners
> not detect it.
> If you want to do the job manually, you have to use Regedit to delete
> registry keys which have 'kern32.exe' as the value (if you search using
> Regedit, it will find about three entries for this but two of them are for
> the search itself).
> You will then need to edit WIN.INI and remove the entry for running
> INETD.EXE at startup. Then restart your computer and find and delete the
> INETD.EXE file from your Windows directory, and the files KERN32.EXE and
> HKSDLL.DLL from your Windows\System directory. You cannot delete these
> without removing the key and .ini file entry first and restarting the
> computer as you will be told that the files are in use by Windows if you
> If any of the above instructions are in any way unclear to you, use an
> anti-virus package instead as it is possible to cause a lot of damage if
> are not sure what you are doing in the system registry or system folders.
> Kim Jones
> Kim Jones