Barry Robertson ?

greenspun.com : LUSENET : Unofficial Newcastle United Football Club BBS : One Thread

You have the BadTrans virus!!!

-- Anonymous, November 29, 2001

Answers

It's nasty. Advice to others.... don't open/preview an email with title "re: " that has an attachment.

-- Anonymous, November 29, 2001

Someone just got hit with it here....careful all as Geordie says it exploits a security loophole in the preview panel of outlook so turn off your preview if you have it...or better still get the patch that fixes it! it's been out for a year or more now....

-- Anonymous, November 29, 2001

I got it Tuesday + unwittingly spread it around. Then another source sent it to my wife this morning....its a bastard.

-- Anonymous, November 29, 2001

I was lucky in that I don't use outlook. I use a web browser mail system. I've checked my system and it seems to be ok. Not sure though...

-- Anonymous, November 29, 2001

Geordie - what were you looking for on your system to see if you had it? I got the mail and was asked if I wanted to download a file when my outlook express opened with preview panel. I said no, but what does it dump on you?

-- Anonymous, November 29, 2001


Received the following warning (too late in my case)

Please be advised that there is a high risk virus "W32/Badtrans@mm" circulating via email, this virus has infected multiple home and business PC's outside of Bombardier Aerospace. The infected PC's will attempt to send an email containing the virus to all email addresses listed within its address book. The email will contain an attachment which contains the virus. The virus cannot be activated unless you either launch, view or detach the attachment. The attachment will have an extension of either .pif .scr; a suspect attachment will appear with the following type of name. [title].doc.pif [title].MP3.scr [title].ZIP.pif Other variations of the above may also be used as the virus develops.

The virus also contains a second payload which will log all keystrokes on an infected PC, this will allow it to record any passwords or credit card details, the infected PC will attempt to mail the IP address of an infected system to the virus author. The author may then be able to connect to the infected PC and retrieve any information logged by the virus.

-- Anonymous, November 29, 2001


Yup it's the keystroke logger that you wanna worry about....

-- Anonymous, November 29, 2001

I looked up "BadTrans" on Alta-vista and got some info. I'm using Windows 2000 and am fairly sure that the registry entries it creates wern't present. Can't remember the url of the site.

-- Anonymous, November 29, 2001

How come my Norton Antivirus missed it )c:

-- Anonymous, November 29, 2001

Are you up-to-date with the virus file? I just got told by work to get the latest version (31124b) today. Presumably being a recent virus, you need the latest version Virus Definition File to recognise the little bu99er.

-- Anonymous, November 29, 2001


Have you all turned off your scripting host?

-- Anonymous, November 29, 2001

How do you do that then?

-- Anonymous, November 30, 2001

...drop your trousers?!

;7)

-- Anonymous, November 30, 2001


Turning off youre scripting host: Start

Settings

Control panel

Add/remove programs

Open windows set-up

double click accessories

find windows scripting host

Untick the box

ok

ok

Will help with virus prevention

-- Anonymous, November 30, 2001


Thanks for the tip SuperKev. I think I've got the virus out of my system now. What is the scripting host used for? Is it going to have any effect on something else apart from viruses, i.e. will something else not work any more now that I've switched it off?

-- Anonymous, November 30, 2001


No. The only thing it is apparently used for is outlook vituses.

-- Anonymous, December 02, 2001

Moderation questions? read the FAQ