Removing the "Badtrans" worm LO27620

From: LJ Stevens (larry@metanoic.org)
Date: 12/04/01


[Host's Note: I normally don't distribute virus notices on the LO list,
and I am quite sure that this worm has not been distributed to subscribers
here. I'm distributing this helpful note because I suspect many of you
have encountered this. I'm seeing multiple attacks each
day. Beware, and if you get infected, fix it right away. ..Rick]

Friends, Listlings, and Internet Persons:

As you probably know, the "Badtrans" worm spread at an alarming rate over
the Thanksgiving weekend. What you may not know is that not all antiviral
software can remove the infection. Plus, certain versions of Windows have
internal settings that must be changed in order to completely remove the
worm and the Trojan it places on an infected system. Consequently, even if
you thought you had removed it from your system, there is still a fairly
high probability that you have and are spreading the worm.

Worse yet, since the "Badtrans" worm includes a key stroke capture
routine, the hackers who wrote it might still have access to highly
confidential information like passwords, credit card or bank account
numbers.

Since my system is attacked two or three times per day via infected
systems owned by fellow subscribers to one or another of the email lists
to which I subscribe, I am very confident this message will go to several
people who are spreading the "Badtrans" worm without even knowing they
have it. Therefore, in the interest of helping to stop the damage caused
by the "Badtrans" worm, I am sending everyone in my address book an item
which Earthlink, my dial-up ISP, sent to its subscribers.

Even if you think you do not currently have the "Badtrans" worm, it is
worthwhile checking this out. For, to my surprise, this worm can infect
your computer even if you do not open the email which carries it to your
system. All you have to do is read it in the preview pane of Outlook or
Outlook Express. Your system can even be infected if all you do is
highlight the infected email so that you can delete it. I know. That is
exactly how it got into my system.

The links below will tell you all you need to know to completely remove
the "Badtrans" worm.

Good luck.

LJS

Earthlink.net reports that:

* "Badtrans" worm infects computers: Experts are warning
Windows users to beware of an Internet worm that can record
and transmit its victims' keystrokes, potentially exposing
private information like passwords and credit card numbers.
http://www.cnn.com/2001/TECH/internet/11/26/badtrans.worm/
Get the technical details about the "Badtrans" worm at
http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html

-- 

"LJ Stevens" <larry@metanoic.org>

Learning-org -- Hosted by Rick Karash <Richard@Karash.com> Public Dialog on Learning Organizations -- <http://www.learning-org.com>


"Learning-org" and the format of our message identifiers (LO1234, etc.) are trademarks of Richard Karash.