WICRAWFO-L ArchivesArchiver > WICRAWFO > 2001-11 > 1006753950
From: Tim Stowell <>
Subject: Re: [WICRAWFO] For what it's worth
Date: Mon, 26 Nov 2001 00:52:30 -0500
It appears I'm safe, crossing my fingers and toes...
I meant to send this earlier as well:
here is a place you can scan your computer for viruses for free:
who'll be updating his virus software tomorrow
At 08:56 PM 11/25/01 -0600, you wrote:
>Tim, did you open them? Unless you opened any of them, you are
>safe......but DO get an antivirus program, and have it scan messages as
>they come in. Having HTML come in isn't the problem.....having it opened
>See the Semantec page on this virus:
>It explains the process as to how the virus acts, and what to do to protect
>Sorry this comes late. Just arrived home from a long weekend........I
>wasn't checking mail while gone.
>At 04:06 PM 11/25/01 , Tim Stowell wrote:
>>A variation of the Badtrans virus is loose again - I've got about 40 of
>>As I saw them downloading - I deleted the attachments - .scr and .pif
>>but according to the info below, I'm not sure that that was enough.
>> >From a list I'm on:
>>'It's a variation of the badtran virus.
>>This one lauches itself through a blank email. You don't have to open the
>>attachment for it to run amuk. I don't see any updates on McAfee or
>>Symantec for it;
>>This virus eats up every available byte of memory you've got, and I'd guess
>>would then crash your computer without utilities to recover memory. I know
>>it's a variation of the badtran, that much I've figured out. It sends
>>itself out to everyone in your address book, not just unread mail as
>>previous versions of the badtran. It also launches itself by simply reading
>>the email since the program is embedded into a blank email. I'd suggest
>>that you set your email program NOT to show HTML emails, but only in .txt
>>format. I think that will stop it from launching (but I'm not sure). When
>>it resends itself, it uses several different file extensions and file names.
>>So don't count on it being the same as what David said earlier. It won't
>>be. This one is not writing the "kern32" or "inetd" files onto your root
>>directory, like the badtran virus did. I haven't figured out what files
>>were written, but I do know that the system registry was affected, just like
>>the original badtran. It also seems to resend itself AGAIN everytime you
>>get online. So, expect several copies of it from all us idiots who don't
>>want to waste disk space on anti-virus programs.'
>>Visit Ancestry.com for a FREE 14-Day Trial and enjoy access to the #1
>>Source for Family History Online. Go to:
>Visit Ancestry.com for a FREE 14-Day Trial and enjoy access to the #1
>Source for Family History Online. Go to: