ESSEX-UK-L Archives



From: "Jeffrey jones" <>
Subject: Virus
Date: Thu, 3 May 2001 22:40:23 +1000


Hi Everyone

I am sorry to say my computer has been infected with a virus. If you receive an email from me and it has an attachment please don't open it. I will send another email when I am sure everything is ok again.

I will also unsubscribe from the list.

Below is an email I received to help me.

Kim.

Sorry, Kim
It was a virus. I got the same thing the same way. Following are
instructions on how to remove it, which I received:

Your computer is infected with the Badtrans Virus.
Below are instructions for removing it from your computer.
The virus concerned is (according to the McAfee Virus Information Library)
W32/Badtrans@MM.

The virus is not transmitted via the list, but attaches itself to replies it
generates from unread incoming messages. That means that if you have unread
messages from the list in your mailbox, it will send itself out to the
originators of those messages.

If you receive a message with some of the text of a message which you have
sent to somebody, or the list, with an additional line reading: 'Take a look
to the attachment', and which has an attachment with any of the following
names (or anything else you are suspicious of), do not open the attachment:

Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif

The virus is very crafty in that if you do run the file in the attachment by
attempting to open it, it will give an error message which makes it appear
that the file is corrupt. If you do see, or have seen this message in the
last few days (the virus was discovered around the 11th of this month), your
computer is infected and will start sending out messages to other people.

The best way to get rid of it is to use one of the virus scanning packages
that others have mentioned. Make sure that you download a new copy of your
package or its data files though as this is a new virus and old scanners may
not detect it.

If you want to do the job manually, you have to use Regedit to delete
registry keys which have 'kern32.exe' as the value (if you search using
Regedit, it will find about three entries for this but two of them are for
the search itself).

You will then need to edit WIN.INI and remove the entry for running
INETD.EXE at startup. Then restart your computer and find and delete the
INETD.EXE file from your Windows directory, and the files KERN32.EXE and
HKSDLL.DLL from your Windows\System directory. You cannot delete these files
without removing the key and .ini file entry first and restarting the
computer as you will be told that the files are in use by Windows if you
try.

If any of the above instructions are in any way unclear to you, use an
anti-virus package instead as it is possible to cause a lot of damage if you
are not sure what you are doing in the system registry or system folders.


Kim Jones
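Added example, not part of the original e-mail or of any anti-virus product: a mail-filter check that flags a message on the traits the forwarded advisory describes (the 'Take a look to the attachment' line, the listed attachment names, and a .pif/.scr extension hidden behind a decoy one). The function names and the sample messages are constructed for illustration, and the check goes slightly beyond the list by also flagging unlisted names with the same extension pattern.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names and the body line are taken from the advisory text above.
KNOWN_NAMES = {n.lower() for n in (
    "Card.pif", "docs.scr", "fun.pif", "hamster.ZIP.scr", "Humor.TXT.pif",
    "images.pif", "New_Napster_Site.DOC.scr", "news_doc.scr", "Me_nude.AVI.pif",
    "Pics.ZIP.scr", "README.TXT.pif", "s3msong.MP3.pif", "searchURL.scr",
    "SETUP.pif", "Sorry_about_yesterday.DOC.pif", "YOU_are_FAT!.TXT.pif")}
BODY_LINE = "take a look to the attachment"
EXECUTABLE_EXTS = {"pif", "scr"}                   # run as programs by Windows
DECOY_EXTS = {"txt", "doc", "zip", "avi", "mp3"}   # inner extensions in the list


def badtrans_indicators(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the advisory."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_LINE in body.get_content().lower():
        reasons.append("body-line")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        pieces = name.lower().split(".")
        if name.lower() in KNOWN_NAMES:
            reasons.append(f"known-name:{name}")
        if len(pieces) >= 2 and pieces[-1] in EXECUTABLE_EXTS:
            reasons.append(f"executable-ext:{name}")
            # A document or media extension in front of .pif/.scr is a disguise.
            if len(pieces) >= 3 and pieces[-2] in DECOY_EXTS:
                reasons.append(f"double-ext:{name}")
    return reasons


def build_sample(body: str, filename: str) -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Re: Virus"
    m.set_content(body)
    m.add_attachment(b"filler", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(badtrans_indicators(build_sample(
        "> earlier text\nTake a look to the attachment\n", "README.TXT.pif")))
```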



