Virus w32.Badtrans.B@mm - Sorry

greenspun.com : LUSENET : Unofficial Newcastle United Football Club BBS : One Thread

Thanks to Geordie for letting me know I had got this virus and sorry to anyone who might have got it from me. It's just taken me 3 hours to get rid of it, I hope. How does it spread around? Should you do anything to notify anyone who might have got it from your computer? And how do you know who might have got it from you? I found out how to erase it from http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html. But they haven't got a tool to help you do it automatically, so I looked elsewhere and found one at http://www.bitdefender.com/html/free_tools.php. You have to do this in Windows Safe Mode. Then, following the Symantec instructions, you then need to delete from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

the value Kernel32 kernel32.exe

I am not all that good at this kind of stuff, but I think I've succeeded in getting rid of it. The strange thing is that my Norton Utilities which includes AntiVirus SE didn't see it. I suppose the trouble is that to be 100% safe you'd have to Update your virus definitions every time you switch your computer on. Which would be boring and take a long time. By the way is Norton Antivirus the best? I quite liked the look of the "Bitdefender" which I found on the net this evening and which is free. They were the most up to date in having already issued a virus deletion tool, when Norton, McAfee, FS, etc just have manual instructions. These viruses get on my nerves - I had that other one called SirCam a few months ago too, and that took a whole evening to get rid of too. On the bright side we're going to erase the London virus well and truly over the next couple of weeks with triumphs over Charlton, Chelsea and Arsenal, aren't we?

-- Anonymous, November 29, 2001
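The registry check described in the post above, as an added example that is not part of the original thread: it scans a text export of the registry (`.reg` format) for the `Kernel32` / `kernel32.exe` value under `RunOnce`. The function names and the sample export are constructed for illustration, and matching a full path that ends in `kernel32.exe` is an assumption beyond what the post states.

```python
import re

# Key and value named in the post above.
RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
IOC_NAME, IOC_DATA = "kernel32", "kernel32.exe"

# Constructed sample of a .reg export (REGEDIT4 text format); not real output.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Kernel32"="kernel32.exe"
'''

# "name"="data" lines; backslashes and quotes inside are backslash-escaped.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_strings(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = _VALUE.match(line)
            if m:
                yield key, _unescape(m.group(1)), _unescape(m.group(2))

def find_badtrans_runonce(text):
    """Return RunOnce entries matching the value the post says to delete."""
    hits = []
    for key, name, data in parse_reg_strings(text):
        if key.lower() != RUNONCE_KEY.lower():  # registry keys are case-insensitive
            continue
        # Assumption: compare the file name only, so a full path also matches.
        exe = data.replace("/", "\\").split("\\")[-1].strip().lower()
        if name.lower() == IOC_NAME and exe == IOC_DATA:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for hit in find_badtrans_runonce(SAMPLE_EXPORT):
        print("suspicious RunOnce value:", hit)
```
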

Answers

Barry - we use NAV at work. As I said on "your thread", I was only informed this morning to get the latest virus definition file from Symantec's "live Update" page so I guess it is pretty new. My company are pretty hot on viruses and fortunately we tend to get warnings pretty quickly. In addition to this, most viruses seem to propagate via Outlook Address Book. Fortunately, we don't use Outlook. Not that that is any guarantee mind. These nasty buggers will no doubt soon cotton on to other "less popular" e-mail packages.

Hard to feel guilty (tho you likely will!). It could - and does - happen to anyone. Best way to avoid them is to have no mates so that you don't appear in anyone's address book ;-)

-- Anonymous, November 29, 2001


You're right Screacher, I am feeling guilty. Do you mean everyone in our address book will have been sent a nasty e-mail by this virus? So I have to send out apologies and instructions on how to spend 3 hours getting rid of it to the whole address book?

-- Anonymous, November 29, 2001

I read that the virus spreads by responding to any email that you have not replied to. I had an email from you with subject line "re: ". I think this came to me on Monday/Tuesday but the new anti-virus definitions came out after that so even if you had been totally up to date you may have been unlucky and still got it!

I opened the email using my uk2.net web page and something funny did happen (I think it couldn't read the attachment) but I've checked my system and all seems OK.... another good reason for not using Outlook!!

-- Anonymous, November 30, 2001


Got yours in my hotmail account but it couldn't get out. Unfortunately I also received it on our work account from elsewhere and since it is such a crappy system we use it automatically displayed the attachment. The "support" team at Head Office were arrogant and dismissive when I called them to let them know that we have a problem so I shall enjoy watching them spend all weekend dialling into every machine in the organisation. A stitch in time saves nine and pride comes before a fall. Just because you haven't heard about something doesn't mean it ain't true.

-- Anonymous, November 30, 2001

Geordie, I think it was BADTRANS.A which replied to unanswered e-mails. The Symantec site description for Badtrans.B is here. I can't see anything about how it distributes itself tho it does mention "large scale e-mailing" which is usually associated with the Outlook address book.

-- Anonymous, November 30, 2001


Being very non techy, someone will probably post on here to tell me that I've been living in a fool's paradise for the past year, but I run an automatic live update and virus sweep every night at 4:00am. So far no problems. We are very small, and maintain our own IT, and also use Linux on the two servers. I'm guessing that also helps, on occasions when these bu....s are having another pop at Microsoft software.

-- Anonymous, November 30, 2001

Terry, sounds like you have it covered. Do you also run any firewall software?

-- Anonymous, November 30, 2001

Geordie, I believe Linux has a built in firewall, and we sit behind that. But like I said, I'm very non-techy.

-- Anonymous, November 30, 2001

Slightly off topic, but perhaps of interest in view of this latest problem.

I recently installed Norton Firewall on a whim, thinking it probably wasn't necessary, but on the "better safe than sorry" philosophy.

In the 4 weeks since I installed it, NF has blocked TEN attempts to hack into my system and plant various Trojans - usually the "Backdoor/SubSeven Trojan", but also the "Hack A Tack" and "NetBus" Trojans.

Using the RIPE site to identify the ISP of the Senders wherever possible, I have reported these incidents to Demon, BT, NTL and Blueyonder, and been advised they are under active investigation.

My experience has been a real eye-opener for me, and indicates how much at risk you are without adequate PC security protection from the sad toe-rags who perpetrate these acts.

-- Anonymous, November 30, 2001


That's interesting about the firewall Clarky, I've thought for a while about whether or not it's worth installing so you've given me a nudge in that direction. I'm using the McAfee virus scanner which up to now has kept me bomb proof, but it's essential to keep the dat file up to date - all the better if you can set it up to update that and also the engine automatically.

-- Anonymous, November 30, 2001


Zone Alarm, Black Ice Defender are free and apparently very good...

-- Anonymous, November 30, 2001

Ahh one of them isn't free...the best one of course :)

-- Anonymous, November 30, 2001
