From: Tim Stowell <>
Subject: Re: [WICRAWFO] For what it's worth
Date: Mon, 26 Nov 2001 00:52:30 -0500
References: <3.0.5.32.20011125170635.009e88a0@mail.chattanooga.net>
In-Reply-To: <4.2.0.58.20011125204957.00c1f100@pop3.norton.antivirus>
It appears I'm safe, crossing my fingers and toes...
I meant to send this earlier as well:
here is a place you can scan your computer for viruses for free:
http://housecall.antivirus.com/housecall/start_pcc.asp
Tim Stowell
who'll be updating his virus software tomorrow
At 08:56 PM 11/25/01 -0600, you wrote:
>Tim, did you open them? Unless you opened any of them, you are
>safe......but DO get an antivirus program, and have it scan messages as
>they come in. Having HTML come in isn't the problem.....having it opened
>automatically IS.
>See the Semantec page on this virus:
>
>http://www.symantec.com/avcenter/venc/data/ type="text/javascript">DisplayMail('mm.html','w32.badtrans.b');
>
>It explains the process as to how the virus acts, and what to do to protect
>yourself.
>
>Sorry this comes late. Just arrived home from a long weekend........I
>wasn't checking mail while gone.
>
>
>Mari
>List Admin
>
>At 04:06 PM 11/25/01 , Tim Stowell wrote:
>>A variation of the Badtrans virus is loose again - I've got about 40 of
>>them today.
>>As I saw them downloading - I deleted the attachments - .scr and .pif
>>but according to the info below, I'm not sure that that was enough.
>>
>>Tim
>>
>> >From a list I'm on:
>>
>>'It's a variation of the badtran virus.
>>This one lauches itself through a blank email. You don't have to open the
>>attachment for it to run amuk. I don't see any updates on McAfee or
>>Symantec for it;
>>
>>This virus eats up every available byte of memory you've got, and I'd guess
>>would then crash your computer without utilities to recover memory. I know
>>it's a variation of the badtran, that much I've figured out. It sends
>>itself out to everyone in your address book, not just unread mail as
>>previous versions of the badtran. It also launches itself by simply reading
>>the email since the program is embedded into a blank email. I'd suggest
>>that you set your email program NOT to show HTML emails, but only in .txt
>>format. I think that will stop it from launching (but I'm not sure). When
>>it resends itself, it uses several different file extensions and file names.
>>So don't count on it being the same as what David said earlier. It won't
>>be. This one is not writing the "kern32" or "inetd" files onto your root
>>directory, like the badtran virus did. I haven't figured out what files
>>were written, but I do know that the system registry was affected, just like
>>the original badtran. It also seems to resend itself AGAIN everytime you
>>get online. So, expect several copies of it from all us idiots who don't
>>want to waste disk space on anti-virus programs.'
>>
>>
>>Tim
>>
>>
>>==============================
>>Visit Ancestry.com for a FREE 14-Day Trial and enjoy access to the #1
>>Source for Family History Online. Go to:
>>http://www.ancestry.com/rd/redir.asp?targetid=702&sourceid=1237
>
>
>==============================
>Visit Ancestry.com for a FREE 14-Day Trial and enjoy access to the #1
>Source for Family History Online. Go to:
>http://www.ancestry.com/rd/redir.asp?targetid=702&sourceid=1237
>
>