NYDELAWA-L Archives



From: Joyce Riedinger
Subject: [NYDELAWA-L] re: current blank messages
Date: Tue, 27 Nov 2001 11:03:05 -0500


Hello All ...

I know that two members of our list are infected (and perhaps others)
with what I believe to be the virus that Steve Delibert mentions below.
Please read and run the search on your computer.

Joyce, look at this description from the McAfee site:
http://www.mcafee.com/anti-virus/viruses/badtrans/default.asp?cid=2607

W32/Badtrans@MM is a mass-mailing worm that drops a remote-access Trojan. The virus
arrives via email in Microsoft Outlook and attempts to send itself by
replying to unread email messages. The email may contain the text "Take
a look to the attachment" in the message body and will contain an
attachment that is 13,312 bytes in length. The attachment name is
created from three sections.

I think if you have a good updated virus scanner, it will pull off the
attachment from an infected email and leave you with the blank mail.

I wonder if a few people on the list are infected and don't know it, and
their computers are sending responses to mails you sent in the past that
they may not have read?

They should search their Windows directory for inetd.exe and/or windows
system directory for kern32.exe -- again see McAfee (below).

If the attachment is opened, the worm displays a message box entitled,
"Install error" which reads, "File data corrupt: probably due to a bad
data transmission or bad disk access." A copy is saved into the WINDOWS
directory as INETD.EXE and an entry is entered into the WIN.INI file to
run INETD.EXE at startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL
(a valid keylogger DLL) are written to the WINDOWS SYSTEM directory, and
a registry entry is created to load the Trojan upon system startup.


--
Joyce Riedinger, Coordinator
Delaware County NY Genealogy and History Site
http://www.rootsweb.com/~nydelawa/
List of Participants -
http://www.rootsweb.com/~nydelawa/aboutwebsite.html#participants

Delaware County Listowner
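
The file search suggested in the message above can be scripted. The following is an added example, not part of the original post or of McAfee's material: it looks for the three file names from the quoted description and for a WIN.INI startup line naming INETD.EXE. It assumes the startup entry is a `run=` or `load=` line in the `[windows]` section, and it skips the registry entry because the description does not name the key. The directory tree it scans is constructed for the demo.

```python
import os
import tempfile

# File names taken from the McAfee description quoted in the message above.
WINDOWS_DIR_FILES = {"inetd.exe"}
SYSTEM_DIR_FILES = {"kern32.exe", "hksdll.dll"}

def present(directory, wanted):
    """Names in `directory` matching `wanted`, compared case-insensitively."""
    try:
        return sorted(n for n in os.listdir(directory) if n.lower() in wanted)
    except OSError:
        return []

def win_ini_hits(path, needle="inetd.exe"):
    """run=/load= lines in the [windows] section of WIN.INI that name `needle`."""
    hits, section = [], ""
    with open(path, encoding="latin-1") as f:
        for line in (raw.strip() for raw in f):
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "windows" and "=" in line and not line.startswith(";"):
                key, value = line.split("=", 1)
                if key.strip().lower() in ("run", "load") and needle in value.lower():
                    hits.append(line)
    return hits

def scan(windows_dir, system_dir=None):
    """Report which of the artifacts named in the description are present."""
    system_dir = system_dir or os.path.join(windows_dir, "SYSTEM")
    ini_hits = []
    for name in present(windows_dir, {"win.ini"}):
        ini_hits += win_ini_hits(os.path.join(windows_dir, name))
    return {"windows_dir": present(windows_dir, WINDOWS_DIR_FILES),
            "system_dir": present(system_dir, SYSTEM_DIR_FILES),
            "win_ini": ini_hits}

def build_sample(root, infected):
    """Constructed directory tree for the demo; not data from a real machine."""
    os.makedirs(os.path.join(root, "SYSTEM"))
    run_value = r"C:\WINDOWS\INETD.EXE" if infected else ""
    with open(os.path.join(root, "WIN.INI"), "w", encoding="latin-1") as f:
        f.write("[windows]\nload=\nrun=%s\n\n[Desktop]\nWallpaper=(None)\n" % run_value)
    if infected:
        for rel in ("INETD.EXE", "SYSTEM/KERN32.EXE", "SYSTEM/HKSDLL.DLL"):
            open(os.path.join(root, rel), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(os.path.join(tmp, "WINDOWS"), infected=True)
        print(scan(os.path.join(tmp, "WINDOWS")))
```

A result with all three lists empty means none of the named artifacts were found; it does not replace a scan with an updated virus scanner.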

