VIRUS WARNING
 dadofstickboy
 
posted on November 27, 2001 06:11:20 AM new
Last night when responding to a (question to seller) from someone on Ebay, I got nailed with the virus: w32/Badtrans@mm. And believe me it's a bad trans! I had to format my hard drive to get rid of it. It took over and got what it wanted, mailed itself to everyone I had info on, and who knows what else. I've been up all night rebuilding. Make sure your virus programs are up to date. Also if anyone who reads this is someone who may have had it sent to them through me, (I am very sorry!!) There was nothing I could do to stop it. Be aware it's bad!!!!

 
 nanntique
 
posted on November 27, 2001 06:55:43 AM new
YES -

There seems to be a lot of *ssholes trying to send around viruses for the Holiday season. In the last several days, I have received numerous 'attachment viruses' from past customers. The ones I am getting are the 'You_are_fat', the 'Me_Nude', and some other nebulous ones. Luckily my system set-up & virus protection software kicked in and would not let me open the attachment. BTW, besides up to date virus software, you should set your system to never open an attachment in an email, unless you prompt it to, that way you can see the subject of the attachment, prior to doing damage to yourself.
 
 dadofstickboy
 
posted on November 27, 2001 07:17:15 AM new
nanntique

You received the same one I did! The names used are a wide variety, and the two you mentioned are a couple of them; there are many. The subject line for mine was RE:
And the name was Hamster.

[ edited by dadofstickboy on Nov 27, 2001 07:18 AM ]
 
 Landotters
 
posted on November 27, 2001 07:20:09 AM new
W32.Badtrans.B@mm

Discovered on: November 24, 2001
Last Updated on: November 24, 2001 at 12:19:48 PM PST
W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of
several different file names. This worm also drops a backdoor trojan
that logs keystrokes.

Type: Worm

Virus Definitions: November 24, 2001

Threat Assessment:

Wild: Medium
Damage: Low
Distribution: High

Wild:

Number of infections: 50 - 999
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Easy
Removal: Easy
Damage:

Payload:
Large scale e-mailing: Sends email from addresses found in the
default MAPI program.
Compromises security settings: Installs keystroke logging Trojan.

Technical description:

This worm arrives as an email with one of several attachment names
and a combination of two appended extensions.

The list of possible file names is:
HUMOR
DOCS
S3MSONG
ME_NUDE
CARD
SEARCHURL
YOU_ARE_FAT!
NEWS_DOC
IMAGES
PICS

The first extension that is appended to the file name is one of the
following:
.DOC
.MP3
.ZIP

The second extension that is appended to the file name is one of the
following:
.pif
.scr

The resulting file name would look something like this:
CARD.DOC.PIF
NEWS_DOC.MP3.SCR
etc.

When executed, this worm copies itself as kernel32.exe in
the "\windows\system" directory. It then adds the following registry
value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe.

Prevention methods:
1. Corporate email filtering systems should block all email that has
attachments with the extensions .scr and .pif.
2. Users should not open any emails with an attachment that matches
the names listed above. Any email that has such an attachment should
be deleted.

Removal instructions:

1. Run LiveUpdate to make sure that you have the most recent virus
definitions.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured
to scan all files. For instructions on how to do this, read the
document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as W32.Badtrans.B@mm.
5. Remove the registry value listed above.

Good Luck,
Ebay: Landotters
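
The filtering rule from the advisory quoted above, as an added example (not part of the original post or the advisory): it flags attachments whose final extension is .pif or .scr, notes when a decoy .DOC/.MP3/.ZIP extension sits in front of it, and checks the advisory's name list. The function names and the sample message are constructed for illustration; "hamster.doc.pif" is a name reported elsewhere in this thread that is not on the advisory list.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Values copied from the advisory quoted in the post above.
BLOCKED_FINAL_EXT = {".pif", ".scr"}
DECOY_EXT = {".doc", ".mp3", ".zip"}
ADVISORY_NAMES = {"HUMOR", "DOCS", "S3MSONG", "ME_NUDE", "CARD", "SEARCHURL",
                  "YOU_ARE_FAT!", "NEWS_DOC", "IMAGES", "PICS"}


def classify_filename(name):
    """Return the reasons an attachment name should be blocked ([] = allow)."""
    # Drop any path prefix and the trailing dots/spaces that Windows ignores.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    stem, final_ext = os.path.splitext(base)
    if final_ext.lower() not in BLOCKED_FINAL_EXT:
        return []
    reasons = ["blocked-extension"]          # prevention method 1
    inner, decoy_ext = os.path.splitext(stem)
    if decoy_ext.lower() in DECOY_EXT:
        reasons.append("double-extension")   # e.g. CARD.DOC.PIF
        if inner.upper() in ADVISORY_NAMES:
            reasons.append("advisory-name")  # prevention method 2
    return reasons


def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        reasons = classify_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed test message: placeholder bytes, example.com addresses."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Re:"
    msg.set_content("placeholder body\n")
    for fname in ("NEWS_DOC.MP3.SCR", "invoice.doc"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()


if __name__ == "__main__":
    print(scan_message(build_sample()))
    print(classify_filename("hamster.doc.pif"))
```

The extension rule still catches names that are missing from the advisory's list, which is why it is the stronger of the two prevention methods.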
 
 krazykiddies
 
posted on November 27, 2001 07:57:21 AM new
It got me too. I have it in quarantine right now. Can't seem to repair it or dispose of it? Do I have to reformat?? And while it is in quarantine can I change my passwords & save my favorite places without getting it again? Never had this happen before. Thanks

angie
 
 dadofstickboy
 
posted on November 27, 2001 08:32:09 AM new
Hi!
I just got it again under another name but I recognized it and deleted it. I don't know what virus program you use. I use McAfee, you can go there and read about it and they tell you how to delete it manually. It didn't work for me because I didn't catch it in time. Hopefully you did!

 
 krazykiddies
 
posted on November 27, 2001 08:46:15 AM new
Last night I downloaded a new Norton antivirus, but had to uninstall my old one. So I did just that. Well I ran the new Norton 2002 and no virus is coming up. So I uninstalled that one, installed my new one, and no virus is coming up. Guess that means it's gone? Just don't see how it can be gone if I uninstalled the program. Any help would be appreciated.

Thanks
angie
 
 ok4leather
 
posted on November 27, 2001 09:17:46 AM new
I had three virus laden attachments waiting for me this morning; two were from past customers and one was from someone on a Yahoogroup list I'm on - I caught the first because the attachment warning pop up showed me the file name. I ducked the bullet this time.

 
 Landotters
 
posted on November 27, 2001 09:21:47 AM new
The best thing you can do, is shut down your computer, reboot, go directly to your virus update and update, reboot, and then go where you want. If you have anything or get anything further, it will ask you to repair or put it in quarantine. When in quarantine, you can safely delete...per my computer guru.

Good Luck,
Landotters
 
 computerboy
 
posted on November 27, 2001 09:25:21 AM new
I've had this virus sent to me at least 20 times in the last week. Fortunately, I use a very effective antivirus program and viruses like this are always caught before they do any damage to our system.

This particular strain has manifested itself via eBay users, which makes it very easy to spread at a very rapid rate.

Many unsuspected novice computer users are going to receive a very unpleasant Christmas gift this year.

Bottom line, if you use a computer and connect to the internet you MUST use antivirus software. Otherwise you have a 100% probability on contracting a virus. This is a reality that us computers must face in this day and age.

 
 DeSquirrel
 
posted on November 27, 2001 09:58:48 AM new
You know I read these threads and can't help shake my head. There are always multiple posts about "had to reformat my hard drive" etc. In 20 years of repairing pcs I never had to format a drive because of a virus and the only time I ever had a machine lose a significant number of files was when someone let a sircam virus run wild even though the computer was "acting funny". Most viruses are easily removed and the majority can be prevented with common sense.

Oh, if I only had a dollar for every idiot employed as "tech support"
 
 computerboy
 
posted on November 27, 2001 11:23:18 AM new
DeSquirrel:

You must realize that most computer users are not trained as computer techs. They are simply users and are not familiar with the internal components or technical details of their systems. As such, when these viruses strike, they are not equipped with the know-how on how to fix the virus problems when they occur. That's what techs are for...

 
 amber
 
posted on November 27, 2001 11:51:43 AM new
I got it too, it came in with the subject line " 4 eBay auctions", and started downloading a file. Someone obviously knows that I am an eBay seller. Is it easy to get addresses from eBay? I thought you had to be in a winning transaction to get an address. In the few seconds it took to delete it, it sent it to most of the people on our address book. It has taken 4 hours to repair the damage. We now have our computer set up to turn off the internet as soon as the messages come in, that way at least you don't pass it on to someone else.

 
 buyhigh
 
posted on November 27, 2001 01:21:58 PM new
I too am computer illiterate and I got this virus in an End of Auction notice sent by a Kenneth McCall which I knew nothing about. Even got that my computer performed an illegal function. The subject on the e-mail even mentioned the one item I bid on in the subject line. I had Norton clean it up automatically and Norton indicated that the file was cleaned. It was not and being the persistent type I went through this process 4 times in 20 minutes. Now my scan shows that 0 files are infected and the offending e-mail no longer appears on the deleted side. When I disconnect my Outlook Express and the Internet, my deleted e-mail automatically deletes although it would not when I had the virus e-mail. Now, can I be sure it is gone? Because I'd hate to pass it on.

buyhigh
 
 buyhigh
 
posted on November 27, 2001 02:11:17 PM new
Forgot to ask - does this virus automatically transmit itself to the people in my address book?
buyhigh
 
 imabrit
 
posted on November 27, 2001 03:46:19 PM new
I have picked up this virus twice in the last 2 days. The weird thing is this:

1) I get a subject line no different from any other; there is no way it indicates it's a virus. It's coming from people I know and the subject lines are in line with what we buy and sell.

There is no text in the email part though it does come with an attachment.

The odd thing is all I have to do is highlight the email and not even open it and it says I have gotten the virus.

So if I recognise it and then highlight to delete I get it. So there is no way not to get the virus.

I have Norton always current and it does nothing to stop the virus I get no warning not to open or touch it before it is too late.

I have it quarantined and deleted it and that seems to get rid of it as it appears to do no real damage its just a royal pain.

Adrian

 
 xenainfla
 
posted on November 27, 2001 03:58:04 PM new
I have had several emails in the past two days from Ebay users, I assume!! All of them contain nothing in the RE field or the body of the email. The only thing consistent is they have an attachment which my email server asks if I want to open or not. When I first tried to reply to the emailer and advise that I believed they had a virus on their system, I received their mails back. Found out when I looked at the properties, their email was edited with a space at the beginning. So for two days I have been checking their properties, getting their correct emails and sending them letters indicating that I think they have a virus. I am not doing it anymore, way too time consuming.

I did receive a notice from my web provider about the worm you all are discussing - however, the one I am getting doesn't sound like the same.

Good luck all & keep your virus checkers updated. I also updated my web browser to IE 5.5, just in case.

 
 dman3
 
posted on November 27, 2001 04:02:07 PM new
If you want to avoid the attachments that open on their own, all you need to do is update to IE 6.0; the new web browser has the fix for this problem.

And there has been a patch at the Windows Update page since last March for IE 5.5.

A full or typical upgrade will work. There is no real sub for a good virus scan, but you stand a better chance if the attachments don't open up automatically.
http://www.Dman-N-Company.com
Email [email protected]
 
 DeSquirrel
 
posted on November 27, 2001 04:10:06 PM new
"I have Norton always current and it does nothing to stop the virus I get no warning not to open or touch it before it is too late.

I have it quarantined and deleted it and that seems to get rid of it as it appears to do no real damage its just a royal pain. "


You do not "get" the virus until you open the attachment at which time NAV catches it and quarantines it. So NAV is doing its job and you have no problem. Antiviral programs are not clairvoyant.

Instead of quarantine have NAV delete infected files and you won't have to bother clicking and deleting them yourself.
 
 dman3
 
posted on November 27, 2001 04:20:04 PM new
You need to close the mail view window in your Outlook Express. Go to the View menu, click Layout on the menu and choose to not have the view window; this way when you highlight and delete, the message won't open.


http://www.Dman-N-Company.com
Email [email protected]
 
 hotcupoftea
 
posted on November 27, 2001 09:00:13 PM new
Hi -

Can those of you who are experts tell me if I am doing the right thing? The number of email viruses I am getting appears to be increasing at a steady rate, which is quite annoying. I haven't gotten a virus or worm and I don't have a virus software detection program in place. Please tell me if I am being foolish or not.

Here is my understanding of the process.

I don't share disks with anyone so I can't get a worm or virus that way.

I use Eudora Pro for my email software, and that program lets me know if an email has an attachment. I never open an attachment unless it is from someone who told me they were sending me a specific file.

I go into Windows Explorer, then I go to the directory where Eudora Pro stores the attachment files. I highlight only those files that I want to transfer to a working directory, the files that were sent to me specifically. I do not highlight any other files.

Then I go to Edit:Select All, which is an action that highlights all of the remaining files in that directory.

Then I go to File:Delete which is an action that removes all of the files to the Recycle Bin.

Finally, I go to the Recycle Bin and empty it.

Tonight I performed that action again after reading this topic and I had over three dozen attachment files with .exe and such that were obvious worm and virus files.

I need to know, anything I am missing? Is there something I should be doing that I am not doing? Is there a way for me to get a virus that doesn't involve clicking open an email attachment?

Thank you,

hotcupoftea
 
 Landotters
 
posted on November 27, 2001 09:03:03 PM new
Norton Update covered this virus on 11/24; it was the last virus update on the system. If your Norton did not cover this virus, then there is something wrong on the update you have. Go check the last date on the update. Run a new live update, and scan for viruses after you reboot.

My husband is an IT tech for a communications company; he knows more than I, but this is what I have been "trained" to do by him.
 
 twinsoft
 
posted on November 27, 2001 09:40:23 PM new
I got an attachment yesterday named "hamster.doc.pif." Yeah, like I'm going to click on that. The message was from an eBay customer and appeared otherwise normal. No ill effects from the email.

 
 barbkeith
 
posted on November 28, 2001 03:25:52 AM new
Any thoughts on this? Checked my email this morning and had an email from "Metaltech", subject was Re:Ebay item #xxxxxxxxx black and floral purse. It included 2 attachments. IE5 came up and the file was named IE5/KORYFPVJ/PICS.DOC.SCR. Well, "Metaltech" is from Germany according to Ebay search and the item number is invalid. I deleted it without opening it. I think I'm going to Nortons' site to see if I can find it.

 
 sborchert
 
posted on November 28, 2001 07:37:40 AM new
This morning I received an e-mail and in the subject line it said "My Name" has sent you $4.95 via Yahoo PayDirect". When I looked at the e-mail there was a pop-up asking me if I wanted to download and save to disk or open. I did neither since I have not made any payments through Yahoo PayDirect recently or for that amount.

I suppose this is another way for a virus to come in.

 
 creativelabels
 
posted on November 28, 2001 02:25:14 PM new
Now, if you had a seller send you an email with a virus attached, what kind of feedback would you leave? Especially if the seller won't respond to your email about the virus.

 
 sandvet
 
posted on November 28, 2001 04:46:06 PM new
I got the virus sent to me today but it never made it to my computer. I received this message from my ISP instead.

Dear [email protected],

ISLC's virus protection service has detected a potential
email virus. This suspicious message has been quarantined in
your ISLC Message Center:

From: "Xxxxxxx Xxxxxxxxxx" <[email protected]>
Subject: Re:
Virus: WORM_BADTRANS.B

You can read the message without infecting your computer.
Click on the link to access your ISLC Message Center:

http://login.postini.com/exec/[email protected]

Thank You!
ISLC

Sandvet
 
 jrome
 
posted on November 28, 2001 05:22:52 PM new
If you want to help stop getting viruses, don't use the same software everyone else uses, b/c those systems are the ones most likely infected. Macs rarely get viruses (not worth the trouble to write, probably), pine is a great way to go, especially after I learned how to use Procmail, and by all means, don't open attachments from strangers.

 
 barbkeith
 
posted on November 28, 2001 08:25:29 PM new
Ok, now I'm wondering if I have a virus. How will I know? I have done the "Live Update" from Norton and ran the virus scan for all files. No viruses detected BUT when I go to Start, then find files and folders and check find files modified between 11/26/01 and 11/27/01 there are all these files that look pretty strange to me. I have not opened any attachments and will not even if I know the person very well. How can I be positively sure I don't have a virus. I don't want to send it to everyone when my auctions end. HELP ME PLEASE!!!! Thanks in advance. Barbara
Edited to say I'm going to bed now. Hope to have replies in the morning. Good night all.
[ edited by barbkeith on Nov 28, 2001 08:26 PM ]
 
 kkbclear
 
posted on November 28, 2001 10:28:09 PM new
Great! Just got a response to an end of auction notice from the buyer of the item. It contained no info from the buyer, only the ME_Nude file to download.

Of course I didn't download it. I just emailed the buyer back (sent him a copy of the email I received from him) and told him I thought he might have a problem with his computer, and could he just send me his name and shipping address instead.

Now I probably have a p***** off buyer, but it was only a $10 auction! I can hardly wait for the neg for this one! Have a ready response, though! "Sent worm instead of payment."

Serious question now: since I didn't download the file, is my computer infected? I didn't download the file - I know better than to do that, but could just opening the email cause problems?

Help for a non-techie please!
 