i am rid of 2 virus, one non cleanable, looking at what it is,.... do i do this?

WORM_BADTRANS.B

Risk rating:
Virus type: Worm
Destructive: No
Aliases: W32/Badtrans-B, BADTRANS.B, W32/Badtrans@MM, W32.Badtrans.B@mm, W32/BadTrans.B-mm

Description:

This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames.

It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This is also known as Automatic Execution of Embedded MIME type.

Solution:

Automatic Removal Instructions

You may download and apply Trend Micro's fix_badtransb.com to automatically clean your system. Trend Micro recommends that you view the readme_badtransb.txt before downloading and running the fix tool. If you have an MD5 tool, the MD5 signature of this tool is 1a29eadf30a5fd0c590d452db06e7969.

Manual Removal Instructions

Start your system in Safe Mode. This is a special way of loading Windows when there is a "system-critical" problem that interferes with the normal operation of Windows. Safe Mode allows you to troubleshoot Windows and to determine what is causing Windows to not function properly. Usually after you have corrected the problem in Safe Mode and you reboot your computer, Windows loads normally.

On Windows 95:

Restart your computer.
As soon as you see the "Starting Windows 95..." on your computer screen, press the F8 key on your keyboard. This brings up the Microsoft Windows 95 startup menu with the following items:

    Normal
    Logged (\BOOTLOG.TXT)
    Safe Mode
    Safe mode with network support
    Step-by-step confirmation
    Command prompt only
    Safe mode command prompt only
    Previous version of MS-DOS

At the "Enter a choice:" line, enter the number, (3), or the number for "Safe Mode." If the database is located on a network, choose number four "Safe mode with network support" and then hit the Enter key or press the F5 key instead of 3 to go to Safe Mode. This opens Windows in Safe Mode.

To start Windows 98 in Safe Mode:

Restart your computer. Click Start > Shutdown > Restart > OK
Press and hold the CTRL key until the Microsoft Windows 98 Startup Menu appears. On some machines, you can use F8 instead of CTRL to bring up the Microsoft Windows 98 Startup Menu.

    Normal
    Logged (\BOOTLOG.TXT)
    Safe Mode
    Step-by-step confirmation
    Command prompt only
    Safe mode command prompt only
    Previous version of MS-DOS

Enter the number for Safe Mode, 3, and then hit the ENTER key or you can press the F5 key instead of 3 to go to Safe Mode. This opens Windows in Safe Mode.

To start Windows ME in Safe Mode:

Restart your computer.
As soon as you see "Starting Windows..." appear on your computer screen, press the F8 key on your keyboard. This brings up the Microsoft Windows Millennium Startup Menu with the following:

    Normal
    Logged (\BOOTLOG.TXT)
    Safe Mode
    Step-by-step confirmation

Enter the number, 3, and then hit the ENTER key or press the F5 key to go to Safe Mode. Windows then opens in Safe Mode.

To start Windows 2000 in Safe Mode:

Turn on or reboot your computer.
As soon as you see "Starting Windows" with a black background on your screen, press and hold the F8 key. This presents a screen with the following options to choose from:

    Safe Mode
    Safe Mode With Networking
    Safe Mode With Command Prompt
    Enable Boot Logging
    Enable VGA Mode
    Last Known Good Configuration
    Debugging Mode

Choose Safe Mode.

On Windows NT in VGA Mode or Safe Mode:

Safe mode is the method for booting into a simple system configuration on Windows 95*. VGA mode is the diagnostic mode on Windows NT. When Windows boots into Safe mode or VGA mode, it uses basic default settings that run the operating system with minimal functionality, meaning it loads a "bare bones operating system".

To boot in VGA Mode:

Restart your computer.
During the boot sequence, the following options are displayed:

    Windows NT Workstation Version 4.00
    Windows NT Workstation Version 4.00 [VGA Mode]

Choose Windows NT Workstation Version 4.00 [VGA Mode], then hit the Enter key.

Windows NT has something that is equivalent to Safe Mode in Win95/98. It has something to do with entering a parameter in the BOOT.INI file. The instructions for this are as follows:

Change the attributes for BOOT.INI so that it is not 'Read Only.' BOOT.INI is found in the root directory of the first partition.
Open the file using Notepad or another text editor (not Microsoft Word or any word processor). Listed under the [operating systems] section are all the Operating Systems (OSs) that the NT boot loader can launch.
To create a new safe mode entry, copy one of the existing NT entries to a new line.
At the end of the new entry add "/sos" (without the quotation marks), and change the description of the entry to reflect that it is in Safe Mode. Adding "/basevideo" (without the quotation marks) launches NT with the default VGA driver. The new entry should look similar to the following:

    multi(0)disk(0)rdisk(0)partition(1)\WINNT = "Windows NT Workstation Version 4.00 [Safe Mode]" /sos /basevideo

Changes take place on the next reboot.

Go to the %System% directory. %System% is variable. It is usually located in the root directory C:\ (C:\System).
In the above directory, delete the CP_25389.NLS file.
Click Start>Run, type Regedit then hit the Enter key.
Double click the following:

    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunOnce

In the right panel, look for the following registry value:

    kernel32

Click the registry value and then delete it.
Restart your system.
Scan your system with Trend Micro antivirus and delete all files detected as WORM_BADTRANS.B. To do this, Trend Micro customers must download the latest pattern file and scan their system.
Other email users may use HouseCall, Trend Micro's free online virus scanner.

Copyright 1989-2002 Trend Micro, Incorporated. All rights reserved.

----- Original Message -----
From: "Clint D" <driggars@xxxxxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Wednesday, July 24, 2002 11:53 PM
Subject: -=PCTechTalk=- Re: Deleted Mail

> Brenda
> If you do have a virus, then you will have to download a tool to clean it,
> this you will have to do in Dos
> Once you get clean and running, then you need to run another check just to
> make sure that everything got cleaned. Go to the Norton website. If you can
> use someone else's computer to download the fix to a disk would be better,
> then boot the computer in dos mode
> Clint
>
> ----- Original Message -----
> From: "Brenda" <pima@xxxxxxxxxxxxx>
> To: <pctechtalk@xxxxxxxxxxxxx>
> Sent: Wednesday, July 24, 2002 9:58 PM
> Subject: -=PCTechTalk=- Re: Deleted Mail
>
> > thanks where do i update norton?
> >
> > ----- Original Message -----
> > From: "Clint D" <driggars@xxxxxxxxxxxxx>
> > To: <pctechtalk@xxxxxxxxxxxxx>
> > Sent: Wednesday, July 24, 2002 10:35 PM
> > Subject: -=PCTechTalk=- Re: Deleted Mail
> >
> > > It sounds like you need to run a virus scan and do a virus clean up. Also
> > > you need a good virus program like Norton 2002 and do live updates at least
> > > once a week
> > > Clint
> > >
> > > ----- Original Message -----
> > > From: "Brenda" <pima@xxxxxxxxxxxxx>
> > > To: <pctechtalk@xxxxxxxxxxxxx>
> > > Sent: Wednesday, July 24, 2002 9:22 PM
> > > Subject: -=PCTechTalk=- Re: Deleted Mail
> > >
> > > > ok
> > > > i got an email yesterday that was odd so i deleted it because it had an
> > > > attachment,,,, today i got the same email from a FAMILIAR person(who by the
> > > > way is out of town and hasnt been on pc in 2 weeks) but the kids opened it,
> > > > the text part of the message is as follows////This is a new game
> > > > This game is my first work.
> > > > You're the first player.
> > > > I expect you would like it.
> > > > it has an attachment. it was opened..
> > > > after that i got the following emails,
> > > > Our virus detector has just been triggered by a message you sent:-
> > > > To: <sales@xxxxxxxxxxxxxxx>
> > > > Subject: A new game
> > > > Date: Wed Jul 24 11:31:20 2002
> > > > Any infected parts of the message have not been delivered.
> > > >
> > > > This message is simply to warn you that your computer system may have a
> > > > virus present and should be checked.
> > > >
> > > > The virus detector said this about the message:
> > > > Report: >>> Virus 'W32/Klez-G' found in file ./g6OIUuA09942/install.exe
> > > >
> > > > --
> > > > AND.......The virus detector said this about the message:
> > > > Report: >>> Virus 'W32/Klez-G' found in file ./g6OLuBA18668/Beatles- Let It Be.scr
> > > > Windows Screensavers often hide viruses in email in Beatles- Let It Be.scr
> > > >
> > > > ALSO
> > > > i have about 100 returned mails.i dont even know the address, meaning
> > > > theyre not people i email..
> > > > here is an example//The original message was received at Wed, 24 Jul 2002
> > > > 09:40:41 -0700 (PDT)
> > > > from swan.mail.pas.earthlink.net [207.217.120.123]
> > > >
> > > > ----- The following addresses had transient non-fatal errors -----
> > > > <rae_leap@xxxxxxxxxxx>
> > > >
> > > > ----- Transcript of session follows -----
> > > > <rae_leap@xxxxxxxxxxx>... Deferred: Connection refused by mx11.hotmail.com.
> > > > Warning: message still undelivered after 4 hours
> > > > Will keep trying until message is 3 days old
> > > > there were maybe 2 that i knew....
> > > > what is going on? any idea/.
> > > >
> > > > ----- Original Message -----
> > > > From: "Darryl" <minoddy@xxxxxxxxxxxxxxxx>
> > > > To: <pctechtalk@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, July 24, 2002 10:17 PM
> > > > Subject: -=PCTechTalk=- Re: Deleted Mail
> > > >
> > > > > Yes, but I am not having a clue to what your problem is, as your
> > > > > explanation is very erratic
> > > > >
> > > > > Darryl
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Brenda"
> > > > >
> > > > > > is anyone seeing my messages????/
> > > > > > Brenda
> > > > >
> > > > > To unsub or change your email settings:
> > > > > //www.freelists.org/webpage/pctechtalk
> > > > >
> > > > > To access our Archives:
> > > > > http://groups.yahoo.com/group/PCTechTalk/messages/
> > > > > //www.freelists.org/archives/pctechtalk/
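
As an added illustration (not part of the original thread or of Trend Micro's advisory), the sketch below shows how a mail filter could flag the kind of attachments discussed above: executables such as install.exe or Beatles- Let It Be.scr, double-extension filenames, and executables declared under a harmless MIME type. The extension lists, function names and the sample message are assumptions constructed for this example.

```python
import email
from email import policy

# Assumed lists for this example; a real filter would use a longer policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "mp3", "zip", "htm", "html", "mpg"}
# Constructed sample message (not taken from the thread).
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: image/jpeg; name="photo.jpg.scr"
Content-Disposition: attachment; filename="photo.jpg.scr"

AAAA
--b1
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""


def check_attachment(filename, content_type):
    """Return the reasons an attachment name is suspicious (empty if none)."""
    parts = filename.lower().rsplit(".", 2)
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + ext]
    if len(parts) == 3 and parts[1] in DECOY_EXTS:
        reasons.append("double extension ." + parts[1] + "." + ext)
    if not content_type.startswith("application/"):
        reasons.append("declared type " + content_type + " hides an executable")
    return reasons


def scan_message(raw):
    """Parse a raw message; map each flagged attachment name to its reasons."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        reasons = check_attachment(name, part.get_content_type()) if name else []
        if reasons:
            findings[name] = reasons
    return findings
```

Calling scan_message(SAMPLE) flags only photo.jpg.scr; the plain notes.txt attachment passes.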