
[RT] GEN: VIRUS FOLLOWUP INFORMATION





 
----- Original Message ----- 
To: charles meyer
Sent: Wednesday, September 19, 2001 4:10 PM
Subject: Re: virus
At 03:09 PM 9/19/01 -0500, charles meyer wrote:

HI:

I think all is safe now.

It said this which was followed by a 'picture':
hksdll.dll

Also:
W32.Badtrans.133

=========================

Unfortunately I opened the damn thing and got infected. The "pif" file type should have been my clue not to.

None of the lame AV programs could remove it all, so I downloaded free copy of "Trojan Remover" and it found all traces...I hope.

Here is a paper on that virus to make sure you get rid of it all.

This is the freakin' reason I don't use MSFT E-mail programs.
No one writes this crap for Eudora.

Here is URL for free 30 day version of "Trojan Remover"
http://www.simplysup.com/tremover/

W32/Badtrans@xx Worm/Virus

On June 24, 2001, it became clear to a few Marfan-List
subscribers that a virus was infecting their PCs. Subscribers who have written
to the list in the past month or so who use Microsoft Outlook or Outlook Express
may have been infected.

The virus was not sent through Marfan-List -- there are filters in place to ensure that viruses are
screened out -- so not all subscribers received the virus. Because of the nature
of the virus, however, it was spread among some subscribers.

It started when
one subscriber's PC was infected. Addresses in any unread mail in his or her 
Outlook software were then sent copies of the virus. The e-mail appeared to be a 
reply to a post the recipient sent to Marfan-List. Looking like a legitimate 
reply to a post, the e-mail read "Take a look to the attachment." When the 
recipient tried to open the attachment, a grey "Install error" message appeared 
which read "File data corrupt: probably due to a bad data transmission or bad 
disk access."

A copy of the virus was then saved into the WINDOWS directory
as INETD.EXE and an entry was entered into the WIN.INI file to run INETD.EXE at
startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL)
were written to the WINDOWS SYSTEM directory, and a registry entry was created
to load the Trojan the next time the system is started up.

To find out if you have the virus, search for the files on your hard drive. Go to the
Start menu, choose Find, then choose Files or Folders.

Search for each of the following:

INETD.EXE
KERN32.EXE
HKSDLL.DLL

If you find any of these files DELETE them.

To completely wipe out all bits of the virus, make sure you buy or update an
antivirus program. See below for more information.

The usual caution about not opening attachments in mail from
people you don't know is not enough. Since the mail looks like a reply to a post 
you have sent to the list (or mail sent to a friend), you may eagerly open the 
mail and try to read the attachment. If the message only instructs you to 
"Take a look to the attachment", don't do it! If you are certain that 
the mail was written by a human being, and it doesn't say to "Take a look to the 
attachment," and you know the attachment is real and legit, then it is probably 
not this virus. Not all attachments on all e-mails are viruses.

Here are some web pages about the virus:

- Viruslist.com
- F-Secure
- Symantec
- McAfee

Although I have not tried it (my PC was not infected -- I don't use Outlook), I've read that
Trojan Remover works well in getting rid of the virus. Trojan Remover seems to be considered a good tool. You can download a
copy of it and use it for a 30-day evaluation.

Good luck, everyone!
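
The manual file search and WIN.INI check described in the forwarded advisory above, automated as an added Python example (not part of the original e-mail or the advisory). It assumes the WIN.INI startup entry uses the standard `run=` or `load=` keys; the registry entry is not checked because the advisory does not name the key, and the function names are illustrative.

```python
import os
import re

# File names the advisory says the worm drops (matched case-insensitively).
# A name match is an indicator to investigate, not proof of infection.
INDICATOR_FILES = {"inetd.exe", "kern32.exe", "hksdll.dll"}
# Assumption: the WIN.INI startup entry uses the standard run=/load= keys.
STARTUP_KEY = re.compile(r"^\s*(run|load)\s*=(.*)$", re.IGNORECASE)


def find_indicator_files(root):
    """Walk root and return sorted paths whose file name is an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in INDICATOR_FILES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def win_ini_startup_hits(win_ini_path):
    """Return run=/load= lines in WIN.INI that reference an indicator file."""
    hits = []
    try:
        with open(win_ini_path, "r", errors="replace") as fh:
            for line in fh:
                m = STARTUP_KEY.match(line)
                if not m:
                    continue
                # Values may hold several entries, each possibly a full path.
                for entry in re.split(r"[,\s]+", m.group(2).strip()):
                    base = entry.replace("\\", "/").rsplit("/", 1)[-1].lower()
                    if base in INDICATOR_FILES:
                        hits.append(line.strip())
                        break
    except FileNotFoundError:
        pass  # no WIN.INI in this directory
    return hits


def scan(windows_dir):
    """Scan a WINDOWS directory (live, or mounted from a disk image)."""
    ini = next((os.path.join(windows_dir, n) for n in os.listdir(windows_dir)
                if n.lower() == "win.ini"), os.path.join(windows_dir, "WIN.INI"))
    return {"files": find_indicator_files(windows_dir),
            "win_ini": win_ini_startup_hits(ini)}


if __name__ == "__main__":
    import sys
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```
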


