David,
Good advice. I sometimes forget that registry hacking is scary stuff for people
that
don't mess with computers on a regular basis or for a living like myself. This
one
really caught me by surprise and I felt it best to pass a warning along to
others. I
recognized it immediately as it hit my mail box and I don't believe it was
mailed out to
the people in my address book. I've now got it all cleaned up and my Norton AV
software
is updated to protect me against it in the future. Cheers! - Ian
sosnaenergyconsulting@home.com wrote:
> Hi Ian and all:
> I checked with a friend who messes with computers all day long and he
> says this virus has been around since April 2001. So most of the
> current Norton stuff would be (I assume) able to filter it out.
>
> He also had some advice for me about NOT sending info regarding viruses
> as "attachments". Since it's quick and easy, I didn't think of the
> consequenses:
> He says; the virus can be transmitted as an attachment. The majority of
> viruses that attack windows boxes do it via fake attachment files." He
> says that since viruses can't be transmitted as text files, I should
> copy the text and put it into a new message.
>
> Also, he says; "the recommendation to use the REGEDIT to "fix" the
> registry is dangerous. If you've never tweaked your system's registry,
> beware. If you delete the wrong thing, you could make your entire
> computer inoperable". Scared the heck out of ME!
>
> Anyway, I wanted to pass his response on to you and everyone else and to
> thank you for sounding the warning. Rather have a warning that turns
> out to have been (hopefully) something my system is capable of screening
> against than to NOT be warned and get zapped instead.
>
> Again, thanks.
>
> David Sosna
>
> Ian Spencer wrote:
> >
> > Everyone,
> > I received 2 emails this weekend with attachments that appeared as if they
>were
> > sent by Microsoft. I did not even open the attachment, just looked at the
>email
> > in the preview pane only and still got infected. The virus is brand new
>(Norton
> > only discovered it Yesterday). One of the attachments was called
>docs.doc.pif and
> > the other was ME_nude.MP3.scr. If you have received these, please disinfect
>your
> > machines.
> >
> > Details:
> >
> > 1. Virus is called W32/BadTrans@MM or WORM_BADTRANS.B
> > 2. It is spred via email
> > 3. It sends itself to everyone in your address book (which is why I'm
> > alerting the list - some of you are in my address book)
> > 4. It also writes a "back door" trojan in your registry that records all
> > your keystrokes- which could allow someone via the net to access all your
> > passwords, etc.
> >
> > If you have Norton AV with latest definitions you should be ok. If you
>want to be
> > sure, look in your C:\Windows\System directory for two files: Kernal32.exe
>and
> > kdll.dll. If you have these files, delete them! Also, look in your
>registry (use
> > REGEDIT) for this entry:
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
> > Version\RunOnce\Kernal32=Kernal32.exe
> >
> > If you have that entry, delete it (not the entire directories, just the
> > Kernal32=Kernal32.exe part) Keep an eye out for this one - its nasty.
|