cancel
Showing results for 
Search instead for 
Did you mean: 

Virus?

Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

Virus?

I have over the last few days been receiving many e-mails from unknown people.
They have a blank subject line and no visible text in the body of the mail.
They also have an attachment that is zero bites long.
All I have done with these is to delete them.
Norton is not recognising them as a virus?
Is enybody else getting these and is it a new virus that is doing the rounds??
So far I have not noticed any effects on the PC here but knowing what nasty delayed payloads these things can have I am concerned.
Anybody know anything about this? :confused:



--
Regards
John
15 REPLIES
N/A

RE: Virus?

Good Morning,

I have not heard of this being a virus.

Anyone else heard about it?

Kind Regards

Duncan
--
| Duncan Scotland          Unmetered & ADSL solutions
| Senior Technical Consultant   for Home & Business
| PlusNet Technologies Ltd. @ http://www.plus.net
+ ------- My Referrals - It pays to recommend PlusNet ---------
N/A

RE: Virus?

Yup ,
Its doing the rounds, (WORM_BADTRANS.B)
its a mime attachment that outlook automatically executes Roll eyes
its a key logger/password stealer etc
heres the bumf that we sorted

Look at the links at the nottom of the thread first !

Liam
_______________________________________
right click the start button,
and do a Find for CP_25389.NLS
When found, delete it
_________________________________________

click "start"
near the bottom is "run" click it
then type regedit and click ok
then on the left side of the box,
keep double clicking each of;

HKEY_LOCAL_MACHINE>
Software>
Microsoft>
Windows>
CurrentVersion>
RunOnce>

at the end,
look on the right side of the box,
if it has kernel32
left Click it once (to highlight it)
then right click and delete it.
_________________________________________

Restart your system.
________________________________________

Go to http://housecall.antivirus.com/housecall/start_corp.asp
and let it finish.
The infected files found need to be deleted manually!
If you can't click and delete them,

(from John S)....
Reboot in DOS mode, you should end up in
C:\WINDOWS

type "cd system" (leave out the quotation marks) <press enter>

At C:\WINDOWS\SYSTEM type "del kernel32.exe" <enter>

When I ran PC-cillin it told me that kdll.dll was infected too, so in my case I then typed "del kdll.dll" <enter>

When I rebooted, everything was clear

_____________________________

& that should do it !


Heres more info on it http://www.theregister.co.uk/content/55/23026.html (ta wirral sea fishing)


http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B
or http://www.antivirus.com/search/google/results.asp?q=WORM_BADTRANS.B

_______________________________________


> Good Morning,
>
> I have not heard of this being a virus.
>
> Anyone else heard about it?
>
> Kind Regards
>
> Duncan
> --
> | Duncan Scotland          Unmetered & ADSL solutions
> | Senior Technical Consultant   for Home & Business
> | PlusNet Technologies Ltd. @ http://www.plus.net
> + ------- My Referrals - It pays to recommend PlusNet ---------

N/A

RE: Virus?

Hi Liam,

Thanks for the information. We will certainly keep our eyes peeled.

Thanks
Chris
--
| Chris Rugen.....................................Unmetered & ADSL solutions
| Senior Technical Consultant..........................for Home & Business
| PlusNet Technologies Ltd............................@ http://www.plus.net
+ ----------- My Referrals - It pays to recommend PlusNet ----------------+
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

RE: Virus?

Thanks Liam butI don't think it is the WORM_BADTRANS.Bit that is doing the rounds.
There are non of the signs on my machine that you mention and as I said earlier the Norton Anti Virus on my machine does not see it as a virus.
And I think the write up for that Bad Trans virus says that it pics a subjuct line from a file that's already been received by the sender.
It is strange though because I don't know any of the senders so I suspect it is picking my address if they have visited my domain hmrg.co.uk and using that.
Perhaps it's some variation of the Bad trans?
I will try the House call though to see if that picks up anything that Norton Dose'nt
--
Regards
John
N/A

RE: Virus?

> I have over the last few days been receiving many e-mails from unknown people.
> They have a blank subject line and no visible text in the body of the mail.

Just because Norton hasn't picked it up doesn't mean you ain't gottit. Put a search in for kernel32.exe if you have that you gottit
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

RE: Virus?

> > I have over the last few days been receiving many e-mails from unknown people.
> > They have a blank subject line and no visible text in the body of the mail.
>
> Just because Norton hasn't picked it up doesn't mean you ain't gottit. Put a search in for kernel32.exe if you have that you gottit

Ok Just tried a search for kernel32.exe and I don't have a file of that name on my machine.
Also had "House Call" do a scan of all drives and that's found nothing either?
But there must be a reason why I am getting these wierd e-mails.
Got me foxed though?

--
Regards
John
SheffieldMike
Grafter
Posts: 72
Registered: 14-08-2007

RE: Virus?

BADTRANS Has two attachments - one is a TXT file and the other is the real baddie.

One noticeable feature is that the email is 40K in size - this may help.

Most commentators say no harm ensues unless you open the attachments. I opened one mail in error (but not attachments) and then deleted, plus I deleted followups without opening them. I seem to be OK.

If you update your signatures from Norton AV it should catch BADTRANS.

Mike.

N/A

RE: Virus?

and for newbies and simple peeps like me, get an anti-virus prog. if you ain`t got one - and keep it up to date.
Try www.grisoft.com - it is (was) free for a simplified version (subject to conditions) and works,

regards,
David
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

RE: Virus?

> BADTRANS Has two attachments - one is a TXT file and the other is the real baddie.
>
> One noticeable feature is that the email is 40K in size - this may help.
>
> Most commentators say no harm ensues unless you open the attachments. I opened one mail in error (but not attachments) and then deleted, plus I deleted followups without opening them. I seem to be OK.
>
> If you update your signatures from Norton AV it should catch BADTRANS.
>
> Mike.
>
>
Hi Mike
Just had a look at the properties of the last one I got.
Yes even though it is blank the size is 40k.
there is only one atachment though and that is a .txt file with 0 byts size.
So it looks like this is tied in with this bad trans virus but none of the files or other signs that have been mentioned appear to be on my machine.
I am due to update the Norton virus file so I will do that now and see if it finds anything.
thanks for your contribution to this mystery.


--
Regards
John
N/A

RE: Virus?

> > BADTRANS Has two attachments - one is a TXT file and the other is the real baddie.
> >
> > One noticeable feature is that the email is 40K in size - this may help.
> >
> > Most commentators say no harm ensues unless you open the attachments. I opened one mail in error (but not attachments) and then deleted, plus I deleted followups without opening them. I seem to be OK.
> >
> > If you update your signatures from Norton AV it should catch BADTRANS.
> >
> > Mike.
> >
> >
> Hi Mike
> Just had a look at the properties of the last one I got.
> Yes even though it is blank the size is 40k.
> there is only one atachment though and that is a .txt file with 0 byts size.
> So it looks like this is tied in with this bad trans virus but none of the files or other signs that have been mentioned appear to be on my machine.
> I am due to update the Norton virus file so I will do that now and see if it finds anything.
> thanks for your contribution to this mystery.
>


Morning Guys,

Thanks for all the information on the Virus. Fore-warned and all that, I am updating my virus scanner now.

I would advise all our customers to ensure they have the latest updates for their virus scanners.

Regards,

Dave

Dave

--
| David Scarpa.................Unmetered & ADSL solutions
| Senior Technical Consultant.........for Home & Business
| PlusNet Technologies Ltd..........@ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet ------
N/A

RE: Virus?

I spent about an hour yesterday talking a friend through removing Bad Trans. If anyone has it there are some good instructions on removing it manually at Mcafee.com which lists the four file names it could appear under. Luckily his Norton's spotted it before it got a chance to send any emails! (although we couldn't get it to remove itwhich was a pain)
N/A

RE: Virus?

> I have over the last few days been receiving many e-mails from unknown people.
> They have a blank subject line and no visible text in the body of the mail.
> They also have an attachment that is zero bites long.
> All I have done with these is to delete them.
> Norton is not recognising them as a virus?
> Is enybody else getting these and is it a new virus that is doing the rounds??
> So far I have not noticed any effects on the PC here but knowing what nasty delayed payloads these things can have I am concerned.
> Anybody know anything about this? :confused:
>
>
>
>
> --
> Regards
> John


One of the other newsgroups said this was released inadvertently by a CD distributor.
If you go to WWW.symantec.com you can download a file (FIXBADTR.ZIP) which will search for and delete the virus W32.BADTRANS.B@MM from your system. Note you have to disable System Restore first if you're using Win ME
Tom E
N/A

RE: Virus?

> I have over the last few days been receiving many e-mails from unknown people.
> They have a blank subject line and no visible text in the body of the mail.
> They also have an attachment that is zero bites long.
> All I have done with these is to delete them.
> Norton is not recognising them as a virus?
> Is enybody else getting these and is it a new virus that is doing the rounds??
> So far I have not noticed any effects on the PC here but knowing what nasty delayed payloads these things can have I am concerned.
> Anybody know anything about this? :confused:
>
>
>
>
> --
> Regards
> John

Re my previous post. Apparently this virus infects the recipient's address book and emails every contact with a copy of the virus attached. Nice!!! (not)
Tam
N/A

RE: Virus?

Hi
Thanks to all who suggested remedies for this virus. The online virus checker suggested above worked a treat, found the virus, although it did not delete it. But the instructions supplied by Liam worked a treat. I also downloaded the excellent AVG virus checker mentioned and yes it is still free, it caught the very next e-mail virus 10 minutes after I installed it.
So I'm all clean again Smiley god, feel as if i've just come out the clinic !!

Malki