|
PureBytes Links
Trading Reference Links
|
----- Original Message -----
To: charles
meyer
Sent: Wednesday, September 19, 2001 4:10 PM
Subject: Re: virus
At 03:09 PM 9/19/01 -0500, charles meyer wrote:
HI:I think all is safe now.
It said this which was followed by a 'picture':hksdll.dllAlso:
W32.Badtrans.133=========================<FONT
color=#ff0000>Unfortunately I opened the damn thing and got infected. The
"pif" file type should have been my clue not to.None of the lame AV programs
could remove it all, so I downloaded free copy of "Trojan Remover" and it found
all traces...I hope.Here is a paper on that virus to make sure you get ride
of it all.This is the freakin' reason I don't use MSFT E-mail
programs.No one writes this crap for Eudora.Here is URL for free 30
day version of "Trojan Remover"<A href="http://www.simplysup.com/tremover/";
eudora="autourl">http://www.simplysup.com/tremover/<FONT
color=#0000ff>Home | Guidelines
| Topics | <FONT
color=#0000ff>Suggestions | <FONT
color=#0000ff>Subscribing | <FONT
color=#0000ff>Commands | Post not
showing? W32/Badtrans@xx
Worm/VirusOn June 24, 2001, it became clear to a few Marfan-List
subscribers that a virus was infecting their PC's. Subscribers who have written
to the list in the past month or so who use Microsoft Outlook or Outlook Express
may have been infected.The virus was not sent through
Marfan-List -- there are filters in place to ensure that viruses are
screened out -- so not all subscribers received the virus. Because of the nature
of the virus, however, it was spread among some subscribers.It started when
one subscriber's PC was infected. Addresses in any unread mail in his or her
Outlook software were then sent copies of the virus. The e-mail appeared to be a
reply to a post the recipient sent to Marfan-List. Looking like a legitimate
reply to a post, the e-mail read "Take a look to the attachment." When the
recipient tried to open the attachment, a grey "Install error" message appeared
which read "File data corrupt: probably due to a bad data transmission or bad
disk access."A copy of the virus was then saved into the WINDOWS directory
as INETD.EXE and an entry was entered into the WIN.INI file to run INETD.EXE at
startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL)
were written to the WINDOWS SYSTEM directory, and a registry entry was created
to load the Trojan the next time the system is started up..To find out if
you have the virus, search for the files on your hard drive. Go to the
Start menu, choose Find, then choose Files or
FoldersSearch for each of the following:INETD.EXE KERN32.EXE
HKSDLL.DLL If you find any of these files DELETE themTo
completely wipe out all bits of the virus, make sure you buy or update an
antivirus program. See below for more
information. The usual caution about not opening attachments in mail from
people you don't know is not enough. Since the mail looks like a reply to a post
you have sent to the list (or mail sent to a friend), you may eagerly open the
mail and try to read the attachment. If the message only instructs you to
"Take a look to the attachment", don't do it! If you are certain that
the mail was written by a human being, and it doesn't say to "Take a look to the
attachment," and you know the attachment is real and legit, then it is probably
not this virus. Not all attachments on all e-mails are viruses.Here are some
web pages about the virus: <FONT
face=Symbol>· · <FONT
color=#0000ff>Viruslist.com <FONT
face=Symbol>· · <FONT
color=#0000ff>F-Secure <FONT
face=Symbol>· · <FONT
color=#0000ff>Symantec <FONT
face=Symbol>· · <FONT
color=#0000ff>McAfee Although I have not tried it (my PC
was not infected -- I don't use Outlook -- I've read that <FONT
color=#0000ff>Trojan Remover works well in getting rid of the
virus. Trojan Remover seems to be considered a good tool. You can download a
copy of it and use it for a 30-day evaluation.Good luck,
everyone!
To unsubscribe from this group, send an email to:
realtraders-unsubscribe@xxxxxxxxxxxxxxx
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
|