*climbing back onto the soapbox*
> I dont know but this person Jeanne Lacourse went to a lot of trouble
> digging back and finding a question I asked almost a month ago about
> magnesium and snipped it and said to check out the attachment......
> SOMEONE IS GOING TO A LOT OF TROUBLE TO SCREW WITH THE LIST
Noone is screwing with the list, noone is screwing with you, noone is out to
get you, there are not black helicopters over your house. (except in a few
cases) Noone is snipping the text. The virus works like this:
1st. It comes into your system via email from a infected user. The virus
picked your to infect because the infected user has unread messages on their
incoming mail server, and they are processed into outlook express.
2nd. YOU try to open a infected attatchemnt, it gives you the error,
"Install error" which reads, "File data corrupt: probably due to a bad data
transmission or bad disk access."
3rd. A copy is saved into the WINDOWS directory as INETD.EXE and an entry is
entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a
backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL) are written to the
WINDOWS SYSTEM directory, and a registry entry is created to load the Trojan
upon system startup.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
RunOnce\kernel32=kern32.exe
After that, the virus attempts to obtain the email address, and the IP
address (like the street address) of the computer, and email it to the virus
author. They can use this to attempt to connect to your system and obtain
sensitive information.
This is the group of people who are sensitive to infection by this virus:
Users with a IBM compatible computer, running Windows 95/98/me/NT, using
Microsoft Outlook or Outlook express for their email.
This virus is not known to attack Macs, Linux, unix, Web-tv, or AOL users.
(That is not a reccomendation to switch to that, because theres virus's out
there for those too)
Is noone a word? I dont know, I need a spell checker. Ok, this last week
i've been tracking down this virus. As far as I am aware of, if every member
of this list got infected, it would still be less then 5% of the total
infection that this has caused. I traced the infection to a single user off
the list, who infected 1 user on the list, and it spread from there, both to
other list members, and non-list members. As far as I am aware of, there
have been 12 list members infected total, and they may have infected a large
number of non-members. The virus neither started here, nor will it end here.
There have been several sugesstions from other people on how to clean your
system. I would follow them, because those are correct. I will re-post them
at the bottom of this email.
Now here are the plain simple facts.
1. This virus is hitting all over the internet.
2. It can be cleaned up before it infects your system.
3. (even better) It can be detected before it infects your system.
Info on this virus, and steps to remove it (recfcomend for advanced users)
http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html
Basic info on virus here and it tells you to buy their software to remove
ithttp://www.mcafee.com/anti-virus/viruses/badtrans/
How to detect this virus and prevent it from infecting your system. Do this
now. Do not pass go, do not collect $200.
The best solution for novice users is to set up 2 filters (rules)
Filter 1:
If subject contains [MV], and message has attatchments:
1. delete message.
Filter 2:
If subject contains [MV]
1. Move message to folder "MV"
2. Stop applying rules to this message.
*climbing down from the soapbox*
This archive was generated by hypermail 2b29 : Tue May 01 2001 - 07:42:41 PDT