Just a note: Don't delete the kernel32.dll... it is a legitimate Windows system
file.

Just delete the Kernel32.exe and kdll.dll. I had to do this from a command line
after starting from a boot disk. Windows wouldn't let me delete the files
because they were in use. Be sure to disconnect your PC from the network... or
modem first as a safety precaution. This is in the runonce registry key and if
you aren't successful deleting the two files it will mail itself to everyone in
your address book after a successful reboot. This is one more good reason to
stop using the Microsoft mail client! :-)

Please let me know if you need help. I'll be at home all day today and can be
reached at this address. I'd be happy to walk anyone through a clean up.

- Ian

Ian Spencer wrote:
> Everyone,
> I received 2 emails this weekend with attachments that appeared as if they
> were sent by Microsoft. I did not even open the attachment, just looked at
> the email in the preview pane only and still got infected. The virus is brand
> new (Norton only discovered it yesterday). One of the attachments was called
> docs.doc.pif and the other was ME_nude.MP3.scr. If you have received these,
> please disinfect your machines.
>
> Details:
>
> 1. Virus is called W32/BadTrans@MM or WORM_BADTRANS.B
> 2. It is spread via email
> 3. It sends itself to everyone in your address book (which is why I'm
> alerting the list - some of you are in my address book)
> 4. It also writes a "back door" trojan in your registry that records all
> your keystrokes - which could allow someone via the net to access all your
> passwords, etc.
>
> If you have Norton AV with latest definitions you should be ok. If you want
> to be sure, look in your C:\Windows\System directory for two files:
> Kernal32.exe and kdll.dll. If you have these files, delete them! Also, look
> in your registry (use REGEDIT) for this entry:
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernal32=Kernal32.exe
>
> If you have that entry, delete it (not the entire directories, just the
> Kernal32=Kernal32.exe part). Keep an eye out for this one - it's nasty.