|
|
BadTrans@mm
Download the latest version of Command AntiVirus
Get the latest virus definition files
Buy Command AntiVirus online
Name: W32/Badtrans.B@mm
Aliases: WORM_BADTRANS.B, W32.Badtrans.B@mm, BadTrans.B, W32/Badtrans-B, W32/Badtrans.B
Type: Internet Worm
Discovery Date: November 24, 2001
Description:
W32/Badtrans.B@mm is a mass-mailing worm that infects Win32 systems. This worm arrives as an email attachment using one of several different filenames as well as two separate extensions; for example, YOU_ARE_FAT!.MP3.scr.
When the worm is executed, it will install a copy of itself as kernel32.exe on the Windows System directory. It then adds the following registry key:
HKLM\Software\Microsoft\Windows\RunOnce\kernel32 = "kernel32.exe"
This will cause the worm to be executed the next time Windows is rebooted.
It also drops a keystroke recorder file named KDLL.DLL. CSAV will detect this as "is a security risk or a "backdoor" program".
Detection:
Command AntiVirus version 4.58.3 or higher with definition files dated 11/26/2001 will detect and delete the virus.
Removal Instructions:
To get rid of W32/Badtrans.B@mm, follow these steps:
CAUTION: During the disinfection process, do not run any applications
other than the ones described in the following instructions.
For example, do not open any e-mail clients that might
spread the virus again.
- Open the Command AntiVirus� graphical user interface (GUI).
- On the menu bar, click Preferences, and then Active Protection.
- Under Action on infection, select Disinfect, and click OK.
- Close the Command AntiVirus GUI.
- Shut down your computer.
- Turn on your computer to restart.
- When the restart is complete, shut down your computer.
- Turn on your computer to restart again letting Windows� start normally. NOTE: This second restart is absolutely necessary.
- Open the Command AntiVirus GUI.
- In the Task List, select Scan Hard Drives.
- Click the Properties button.
- Under Action to take, select Disinfect.
- Under File types to scan, select All files, and click OK.
- Click the Execute Task button.
Command AntiVirus scans your computer for viruses. Let it delete any leftovers from the virus, for example the body of the virus and the KDLL.DLL.
Name: W95/Badtrans.A@mm
Aliases: BadTrans, W32/BadTrans@MM, W32.BadTrans.13312@mm, W32/BadTrans-A, Troj_BadTrans.A
Type: Internet Worm
Discovery Date: April 12, 2001
Description:
W95/Badtrans.A@mm is a mass-mailing internet worm with a remote access trojan component. When executed, the worm makes a copy of itself named "inetd.exe" and puts it into the Windows directory. It also drops the trojan file, named "kern32.exe", and a keylogger DLL, named "hksdll.dll", into the Windows System directory. When this process is complete, an "Install Error" box with the message "File data corrupt: probably due to bad transmission or bad disk access" will be displayed.
The next time the computer is restarted, the worm will use MAPI to reply to all unread email messages by sending itself as an attachment.
Detection:
Command AntiVirus version 4.58.3 or higher with definition files dated 04/12/2001 will detect and delete the virus.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Home � Purchase Center � Virus Center � Support Center
|
|
|
