Re: [CAD_CAM_EDM_DRO] Attachments?
Posted by
Rick Miller
on 2001-11-30 18:13:05 UTC
I have been fighting a "badtrans" infection that I got from this list.
According to the Symantec site, simply running anti-virus software won't get
rid of it. You are supposed to have to delete a registry entry; the entry
was not present on my system registry however.
My anti-virus software claimed to delete it upon receival, however the next
time I scanned my drive, it found it again!
Then I was presented with a dialog box upon rebooting my computer,
requesting that I reload the infected file - I have no idea what is going on
for certain.
You don't have to open, or even read the email for the attachment to run,
according to the site I was looking at.
The site also claims that only systems running Internet Explorer 5.5 or
lower are affected.... NOT TRUE - IE6 users who chose a "custom install" are
also likely to be infected.
This virus (actually a worm) records all your keystrokes, then reports them
back to various email accounts. Needless to say, it's probably a good idea
to avoid typing in any sensitive information (such as credit card info)
until you know you are safe...
Check out the links below, and use your own judgement; it seems no one has a
good grasp on this one yet:
http://abcnews.go.com/sections/scitech/TechTV/techtv_badtransworm011130.html
http://www.sarc.com/avcenter/venc/data/w32.badtrans.b@...
"...When it is first executed, it copies itself to %System% or %Windows% as
Kernel32.exe, based on the control bits. Then it registers itself as a
service process (Windows 9x/Me only). It creates the key log file
%System%\Cp_25389.nls and drops %System%\Kdll.dll which contains the key
logging code..."
Discussion Thread
Doug Harrison
2001-11-30 16:36:13 UTC
Attachments?
Bob Campbell
2001-11-30 17:36:44 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
William Scalione
2001-11-30 17:40:26 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
mariss92705@y...
2001-11-30 18:02:28 UTC
Re: Attachments?
Rick Miller
2001-11-30 18:13:05 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Doug Harrison
2001-11-30 18:13:48 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Bill Vance
2001-11-30 19:24:37 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Alan Marconett KM6VV
2001-11-30 20:07:48 UTC
Re: [CAD_CAM_EDM_DRO] Re: Attachments?
wanliker@a...
2001-11-30 20:50:09 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Rick Miller
2001-11-30 21:08:36 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Carol & Jerry Jankura
2001-11-30 21:28:28 UTC
RE: [CAD_CAM_EDM_DRO] Attachments?
Rick Miller
2001-11-30 21:39:02 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
mariss92705@y...
2001-11-30 22:18:40 UTC
Re: Attachments?
Brian Pitt
2001-11-30 22:30:56 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?
Alan Marconett KM6VV
2001-12-01 10:08:55 UTC
Re: [CAD_CAM_EDM_DRO] Attachments?