Puter virus alert


There is a new virus coming in on AOL email, known as "Fast Trans", it resembles a return email, it goes after credit card numbers and email addresses; as is being reported on the national news this morning.

-- mitch hearn (moopups@citlink.net), November 27, 2001


Hey Mitch! This sounds like the virus I had in my puter last week. According to my tech--if it's left alone and not fixed it will destroy the mother board of a puter. Something about "arcing" over and burning out the board. I opened an attachment I shouldn't have. Norton didn't catch it. He downloaded two programs for fixing several viruses including the newest ones. I will email'm to anybody who wants to save'm in case mr. virus moves in on your puter. Oh yeah---It's free! old hoot. Matt.24:44

-- old hoot gibson (hoot@pcinetwork.com), November 27, 2001.

There also seems to be a virus infecting some of the lists over at Yahoo Groups. It looks like a private email sent from a list member and even has the title of one of your previous posts in the subject line. There is a file attached to the email. I received two of them yesterday and the strange thing is that one of them was mimicking a list where I haven't been a member for several months. I sent a return email asking the person if they had indeed sent me a file but it came back as a bad address.

-- Sherri C (CeltiaSkye@aol.com), November 27, 2001.

So how do you know if you've got this virus? I received a strange email on this yahoo account as if it were an answer to a post. So far nothing seems to be wrong with my computer. Do I need to do anything?

-- Barb in Ky. (bjconthefarm@yahoo.com), November 27, 2001.

As long as you didn't open any attached files you should be fine. It wouldn't hurt to run a virus scan on your computer, just to be sure. If you don't have anti-virus software on your computer you really should get some, and keep it updated. Unfortunately there are some sick people out there who think it's cool to trash other people's computers.

-- Sherri C (CeltiaSkye@aol.com), November 27, 2001.

Can someone instruct us on how to run a virus scan?

-- mitch hearn (moopups@citlink.net), November 27, 2001.

It would be safe not to open any .exe attachments. At work we are constantly getting these warnings.

-- melinda (speciallady104@hotmail.com), November 27, 2001.

Mitch, the directions for running a virus scan will depend upon what type of virus detection software your computer is running. Probably the most well-known software is called Norton Anti-virus. Here is a link to a list of several virus-protection software companies. Antivirus Vendors

-- Sherri C (CeltiaSkye@aol.com), November 27, 2001.

W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.

Type: Worm

Virus Definitions: November 24, 2001

Threat Assessment:

Wild: Medium
Damage: Low
Distribution: High

Number of infections: 50 - 999
Number of sites: 3 - 9
Geographical distribution: Medium
Threat containment: Easy
Removal: Easy


Payload:
Large scale e-mailing: Sends email from addresses found in the default MAPI program.
Compromises security settings: Installs keystroke logging Trojan.

Technical description:

This worm arrives as an email with one of several attachment names and a combination of two appended extensions.


The first extension that is appended to the file name is one of the following: .DOC .MP3 .ZIP

The second extension that is appended to the file name is one of the following: .pif .scr

The resulting file name would look something like this: CARD.DOC.PIF NEWS_DOC.MP3.SCR etc.

When executed, this worm copies itself as kernel32.exe in the "\windows\system" directory. It then adds the following registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe

Prevention methods:

1. Corporate email filtering systems should block all email that have attachments with the extensions .scr and .pif.
2. Users should not open any emails with an attachment that matches the names listed above. Any email that has such an attachment should be deleted.

Removal instructions:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as W32.Badtrans.B@mm.
5. Remove the registry value listed above.

MORE INFO for those infected: http://www.wired.com/news/technology/0,1282,48613,00.html

-- anonymouse (bugreaper@nobugs.net), November 28, 2001.
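
The attachment-filtering rule from the advisory quoted above, sketched as a mail-gateway check. This is an added example, not part of the original thread or of the vendor's advisory: it flags the blocked .pif/.scr extensions and the double-extension disguise (CARD.DOC.PIF). The function names are hypothetical and the sample message is constructed.

```python
from email import message_from_string, policy

BLOCKED_FINAL = {".pif", ".scr"}        # extensions the advisory says to block
DECOY_FIRST = {".doc", ".mp3", ".zip"}  # first extensions listed in the advisory

def classify_filename(name):
    """Return 'block-double-ext', 'block-ext' or 'allow' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in BLOCKED_FINAL:
        return "allow"
    if len(parts) >= 3 and "." + parts[-2] in DECOY_FIRST:
        return "block-double-ext"
    return "block-ext"

def screen_message(raw):
    """Return [(filename, verdict)] for every named part of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    return [(part.get_filename(), classify_filename(part.get_filename()))
            for part in msg.walk() if part.get_filename()]

def should_quarantine(raw):
    """True when any attachment in the message gets a blocking verdict."""
    return any(verdict != "allow" for _, verdict in screen_message(raw))

# Constructed sample message (not a captured one); the payload is a placeholder.
SAMPLE = """\
From: list-member@example.org
To: reader@example.org
Subject: Re: previous post
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="NEWS_DOC.MP3.SCR"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

if __name__ == "__main__":
    print(screen_message(SAMPLE))
```
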

I'd just run Norton AntiVirus H+Bedv AntiVir, since the second one is free I would get it, but there are ways of getting around buying most programs.

-- Corlen Belspar (corlenbelspar@hotmail.com), June 22, 2002.

Yes, there are ways of getting around buying most anything, but most of them are called "stealing." ;)

-- Earthmama (earthmama48@yahoo.com), June 22, 2002.

I've got 10 emails the other day saying my emails were returned fake email address. Sent out by the server DAMON. I was out of town and know my computer was off the day so no one sent out any emails that day. Check out virus protection and Norton says I have no virus but after reading this above I am a little scared. My server is keeping all my emails and putting into two different categories, junk mail and possible virus mail. After 14 days the server deletes. If I open one up at the server's site I am okay. So the server says but frankly I see no reason to even look at the site. Before contacting the server I received two emails. One from a German email with some nasty stuff on it (translated into English) and another from bill gates telling me how cool it was sending out emails with fake addresses. Any ideas as to what is up. Never been spam (sp) before. By the way I am using a fake email above. Never had to do that before, had up until now used my real email so I guess anyone could have that. Debbie

-- debbie (debbie@cwis.net), June 23, 2002.
