-=PCTechTalk=- Re: Deleted Mail

  • From: "Brenda" <pima@xxxxxxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Thu, 25 Jul 2002 00:27:22 -0400

I am rid of 2 viruses, one non-cleanable, looking at what it is....

Do I do this?

WORM_BADTRANS.B


 Risk rating:
 Virus type:   Worm
 Destructive:   No

Aliases:
W32/Badtrans-B, BADTRANS.B, W32/Badtrans@MM, W32.Badtrans.B@mm,
W32/BadTrans.B-mm

Description:
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It
propagates via MAPI32, has a Key Logger component, and arrives with randomly
selected double-extension filenames.

It does not require the email receiver to open the attachment for it to
execute. It uses a known vulnerability in Internet Explorer-based email
clients (Microsoft Outlook and Microsoft Outlook Express) to automatically
execute the file attachment. This is also known as Automatic Execution of
Embedded MIME type.

Solution:
Automatic Removal Instructions
You may download and apply Trend Micro's fix_badtransb.com to automatically
clean your system. Trend Micro recommends that you view the
readme_badtransb.txt before downloading and running the fix tool. If you
have an MD5 tool, the MD5 signature of this tool is
1a29eadf30a5fd0c590d452db06e7969.

Manual Removal Instructions


Start your system in Safe Mode. This is a special way of loading Windows
when there is a "system-critical" problem that interferes with the normal
operation of Windows. Safe Mode allows you to troubleshoot Windows and to
determine what is causing Windows to not function properly. Usually after
you have corrected the problem in Safe Mode and you reboot your computer,
Windows loads normally.

On Windows 95:

Restart your computer.
As soon as you see the "Starting Windows 95..." on your computer screen,
press the F8 key on your keyboard. This brings up the Microsoft Windows 95
startup menu with the following items:
  1. Normal
  2. Logged (\BOOTLOG.TXT)
  3. Safe Mode
  4. Safe mode with network support
  5. Step-by-step confirmation
  6. Command prompt only
  7. Safe mode command prompt only
  8. Previous version of MS-DOS
At the "Enter a choice:" line, enter the number (3) for "Safe Mode." If the
database is located on a network, choose number four, "Safe mode with
network support," and then hit the Enter key, or press the F5 key instead
of 3 to go to Safe Mode. This opens Windows in Safe Mode.

To start Windows 98 in Safe Mode:

Restart your computer.
Click Start > Shutdown > Restart > OK
Press and hold the CTRL key until the Microsoft Windows 98 Startup Menu
appears. On some machines, you can use F8 instead of CTRL to bring up the
Microsoft Windows 98 Startup Menu.
  1. Normal
  2. Logged (\BOOTLOG.TXT)
  3. Safe Mode
  4. Step-by-step confirmation
  5. Command prompt only
  6. Safe mode command prompt only
  7. Previous version of MS-DOS
Enter the number for Safe Mode, 3, and then hit the ENTER key, or you can
press the F5 key instead of 3 to go to Safe Mode. This opens Windows in Safe
Mode.

To start Windows ME in Safe Mode:

Restart your computer.
As soon as you see "Starting Windows..." appear on your computer screen,
press the F8 key on your keyboard. This brings up the Microsoft Windows
Millennium Startup Menu with the following:
  1. Normal
  2. Logged (\BOOTLOG.TXT)
  3. Safe Mode
  4. Step-by-step confirmation
Enter the number, 3, and then hit the ENTER key or press the F5 key to go to
Safe Mode. Windows then opens in Safe Mode.

To start Windows 2000 in Safe Mode:

Turn on or reboot your computer.
As soon as you see "Starting Windows" with a black background on your
screen, press and hold the F8 key. This presents a screen with the following
options to choose from:
  Safe Mode
  Safe Mode With Networking
  Safe Mode With Command Prompt
  Enable Boot Logging
  Enable VGA Mode
  Last Known Good Configuration
  Debugging Mode
Choose Safe Mode.

On Windows NT in VGA Mode or Safe Mode:

Safe mode is the method for booting into a simple system configuration on
Windows 95*. VGA mode is the diagnostic mode on Windows NT.

When Windows boots into Safe mode or VGA mode, it uses basic default
settings that run the operating system with minimal functionality, meaning
it loads a "bare bones operating system".

To boot in VGA Mode:

Restart your computer.
During the boot sequence, the following options are displayed:
  Windows NT Workstation Version 4.00
  Windows NT Workstation Version 4.00 [VGA Mode]
Choose Windows NT Workstation Version 4.00 [VGA Mode], then hit the Enter
key.

Windows NT has something that is equivalent to Safe Mode in Win95/98. It has
something to do with entering a parameter in the BOOT.INI file. The
instructions for this are as follows:

Change the attributes for BOOT.INI so that it is not 'Read Only.' BOOT.INI
is found in the root directory of the first partition.
Open the file using Notepad or another text editor (not Microsoft Word or
any word processor).
Listed under the [operating systems] section are all the Operating Systems
(OSs) that the NT boot loader can launch. To create a new safe mode entry,
copy one of the existing NT entries to a new line.
At the end of the new entry add "/sos" (without the quotation marks) and
change the description of the entry to reflect that it is in Safe Mode.
Adding "/basevideo" (without the quotation marks) launches NT with the
default VGA driver.
The new entry should look similar to the following:

multi(0)disk(0)rdisk(0)partition(1)\WINNT = "Windows NT Workstation Version 4.00 [Safe Mode]" /sos /basevideo

Changes take place on the next reboot.


Go to the %System% directory. %System% is variable. It is usually located in
the root directory C:\ (C:\System).
In the above directory, delete the CP_25389.NLS file.
Click Start>Run, type Regedit then hit the Enter key.
Double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunOnce
In the right panel, look for the following registry value:
kernel32
Click the registry value and then delete it.
Restart your system.
Scan your system with Trend Micro antivirus and delete all files detected as
WORM_BADTRANS.B. To do this, Trend Micro customers must download the latest
pattern file and scan their system. Other email users may use HouseCall,
Trend Micro's free online virus scanner.
  Copyright 1989-2002 Trend Micro, Incorporated. All rights reserved. Legal
notice.
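
The checks named in the pasted advisory (the published MD5 of the fix tool, the CP_25389.NLS file in the system directory, and the kernel32 value under RunOnce) can be scripted and rerun after cleanup. The Python below is an added example, not part of the original message or of Trend Micro's tooling; the function names, the use of a Regedit text export as input, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Indicator values copied from the advisory text in this message.
FIX_TOOL_MD5 = "1a29eadf30a5fd0c590d452db06e7969"
DROPPED_FILE = "CP_25389.NLS"
RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
RUNONCE_VALUE = "kernel32"

def md5_matches(path, expected=FIX_TOOL_MD5):
    """Hash a downloaded file in chunks and compare it with the published MD5."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected.lower())

def runonce_values(reg_text):
    """Return the value names under the RunOnce key in a REGEDIT4-style export."""
    names, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_key = line[1:-1].lower() == RUNONCE_KEY.lower()
        elif in_key:
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=', line)
            if m:
                names.append(m.group(1))
    return names

def find_indicators(system_dir, reg_text):
    """List which of the advisory's two manual-removal indicators are present."""
    found = [os.path.join(system_dir, n) for n in os.listdir(system_dir)
             if n.lower() == DROPPED_FILE.lower()]
    found += [RUNONCE_KEY + "\\" + v for v in runonce_values(reg_text)
              if v.lower() == RUNONCE_VALUE]
    return found

# Constructed sample export (hypothetical data, not from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"kernel32"="C:\\constructed\\placeholder.exe"
'''
```

An empty list from `find_indicators` after the reboot means neither indicator from the manual removal steps is still present; the full antivirus scan the advisory asks for is still needed to find the worm's other files.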




----- Original Message -----
From: "Clint D" <driggars@xxxxxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Wednesday, July 24, 2002 11:53 PM
Subject: -=PCTechTalk=- Re: Deleted Mail


>
> Brenda
> If you do have a virus, then you will have to download a tool to clean it,
> this you will have to do in DOS
> Once you get clean and running, then you need to run another check just to
> make sure that everything got cleaned. Go to the Norton website.  If you can
> use someone else's computer to download the fix to a disk would be better,
> then boot the computer in DOS mode
> Clint
>
> ----- Original Message -----
> From: "Brenda" <pima@xxxxxxxxxxxxx>
> To: <pctechtalk@xxxxxxxxxxxxx>
> Sent: Wednesday, July 24, 2002 9:58 PM
> Subject: -=PCTechTalk=- Re: Deleted Mail
>
>
> >
> > Thanks, where do I update Norton?
> > ----- Original Message -----
> > From: "Clint D" <driggars@xxxxxxxxxxxxx>
> > To: <pctechtalk@xxxxxxxxxxxxx>
> > Sent: Wednesday, July 24, 2002 10:35 PM
> > Subject: -=PCTechTalk=- Re: Deleted Mail
> >
> >
> > >
> > > It sounds like you need to run a virus scan and do a virus clean up.
> > > Also you need a good virus program like Norton 2002 and do live updates
> > > at least once a week
> > > Clint
> > >
> > > ----- Original Message -----
> > > From: "Brenda" <pima@xxxxxxxxxxxxx>
> > > To: <pctechtalk@xxxxxxxxxxxxx>
> > > Sent: Wednesday, July 24, 2002 9:22 PM
> > > Subject: -=PCTechTalk=- Re: Deleted Mail
> > >
> > >
> > > >
> > > > ok
> > > > I got an email yesterday that was odd so I deleted it because it had
> > > > an attachment. Today I got the same email from a FAMILIAR person (who
> > > > by the way is out of town and hasn't been on PC in 2 weeks) but the
> > > > kids opened it. The text part of the message is as follows:
> > > > This is a new game
> > > > This game is my first work.
> > > > You're the first player.
> > > > I expect you would like it.
> > > > It has an attachment. It was opened.
> > > > After that I got the following emails:
> > > > Our virus detector has just been triggered by a message you sent:-
> > > >   To: <sales@xxxxxxxxxxxxxxx>
> > > >   Subject: A  new game
> > > >   Date: Wed Jul 24 11:31:20 2002
> > > > Any infected parts of the message have not been delivered.
> > > >
> > > > This message is simply to warn you that your computer system may have
> > > > a virus present and should be checked.
> > > >
> > > > The virus detector said this about the message:
> > > > Report: >>> Virus 'W32/Klez-G' found in file ./g6OIUuA09942/install.exe
> > > >
> > > > --
> > > > AND.......The virus detector said this about the message:
> > > > Report: >>> Virus 'W32/Klez-G' found in file ./g6OLuBA18668/Beatles- Let It Be.scr
> > > > Windows Screensavers often hide viruses in email in Beatles- Let It Be.scr
> > > >
> > > > ALSO
> > > > I have about 100 returned mails. I don't even know the address,
> > > > meaning they're not people I email.
> > > > Here is an example:
> > > > The original message was received at Wed, 24 Jul 2002 09:40:41 -0700 (PDT)
> > > > from swan.mail.pas.earthlink.net [207.217.120.123]
> > > >
> > > >    ----- The following addresses had transient non-fatal errors -----
> > > > <rae_leap@xxxxxxxxxxx>
> > > >
> > > >    ----- Transcript of session follows -----
> > > > <rae_leap@xxxxxxxxxxx>... Deferred: Connection refused by mx11.hotmail.com.
> > > > Warning: message still undelivered after 4 hours
> > > > Will keep trying until message is 3 days old
> > > > There were maybe 2 that I knew....
> > > > What is going on? Any idea?
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Darryl" <minoddy@xxxxxxxxxxxxxxxx>
> > > > To: <pctechtalk@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, July 24, 2002 10:17 PM
> > > > Subject: -=PCTechTalk=- Re: Deleted Mail
> > > >
> > > >
> > > > >
> > > > > Yes, but I am not having a clue to what your problem is, as your
> > > > > explanation is very erratic
> > > > >
> > > > > Darryl
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Brenda"
> > > > >
> > > > > >
> > > > > > Is anyone seeing my messages????
> > > > > > Brenda
> > > > >
> > > > >
> > > > >
> > > > > To unsub or change your email settings:
> > > > > //www.freelists.org/webpage/pctechtalk
> > > > >
> > > > > To access our Archives:
> > > > > http://groups.yahoo.com/group/PCTechTalk/messages/
> > > > > //www.freelists.org/archives/pctechtalk/