
Re: New Virus Alert

To: Alpine List <alpines@autox.team.net>
Subject: Re: New Virus Alert
From: Ian Spencer <ian@sunbeamalpine.org>
Date: Mon, 26 Nov 2001 08:31:24 -0500
Just a note: Don't delete the kernel32.dll... it is a legitimate Windows system
file. Just delete the Kernel32.exe and kdll.dll. I had to do this from a
command line after starting from a boot disk. Windows wouldn't let me delete
the files because they were in use. Be sure to disconnect your PC from the
network... or modem first as a safety precaution. This is in the RunOnce
registry key and if you aren't successful deleting the two files it will mail
itself to everyone in your address book after a successful reboot. This is one
more good reason to stop using the Microsoft mail client! :-)
Please let me know if you need help. I'll be at home all day today and can be
reached at this address. I'd be happy to walk anyone through a clean up. - Ian

Ian Spencer wrote:

> Everyone,
> I received 2 emails this weekend with attachments that appeared as if they
> were sent by Microsoft. I did not even open the attachment, just looked at
> the email in the preview pane only and still got infected. The virus is
> brand new (Norton only discovered it yesterday). One of the attachments was
> called docs.doc.pif and the other was ME_nude.MP3.scr. If you have received
> these, please disinfect your machines.
>
> Details:
>
> 1. Virus is called W32/BadTrans@MM or WORM_BADTRANS.B
> 2. It is spread via email
> 3. It sends itself to everyone in your address book (which is why I'm
> alerting the list - some of you are in my address book)
> 4. It also writes a "back door" trojan in your registry that records all
> your keystrokes, which could allow someone via the net to access all your
> passwords, etc.
>
> If you have Norton AV with latest definitions you should be ok. If you want
> to be sure, look in your C:\Windows\System directory for two files:
> Kernel32.exe and kdll.dll. If you have these files, delete them! Also, look
> in your registry (use REGEDIT) for this entry:
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=Kernel32.exe
>
> If you have that entry, delete it (not the entire directories, just the
> Kernel32=Kernel32.exe part). Keep an eye out for this one - it's nasty.
