28-11-2001, 07:27pm
Here is some more information on this virus.
AVERT has raised the Risk Assessment on the Badtrans.b variant to Medium On Watch for corporate users and High for home users. We have received many reports that the virus is being seen and stopped at corporate gateways and mailservers. However, we continue to get reports from the home user segment that they have become infected. This is due to the fact that home users tend to update their DAT files less frequently and often do not have VirusScan configured to scan compressed files which is required for detection.
W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different filenames.
Solution can be found on this site:
www.symantec.com/region/au_nz/
securityresponse.symantec...ml#removal
Please read the info to make sure the symptoms are the same:
securityresponse.symantec....b@mm.html
------------------------------------------------------------
Here is a fix if you got it:
Manual Removal Instructions
Restart Windows in Safe Mode (reboot your computer; as soon as you see the text "Starting Windows" at the bottom of the screen, hit the F5 key).
Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
Delete the following files (if they exist):
KERN32.EXE
KERNEL32.EXE
KDLL.DLL
HKSDLL.DLL
Click START | RUN, type REGEDIT and hit ENTER
Click the (+) next to HKEY_LOCAL_MACHINE
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS
Click the (+) next to CURRENTVERSION
Click the (+) next to RUNONCE
Click on KERNEL32 and hit DELETE on the keyboard
Restart the computer
------------------------------------------------------------
Run the update at the link below to ensure you don't get infected again:
www.microsoft.com/windows...efault.asp
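
The manual checks above, as an added PowerShell example that is not part of the original post: it only reports whether the four files and the RunOnce value named in the steps are present, and deletes nothing. The `$SystemDir` parameter and its default are assumptions taken from the `%WINDIR%\SYSTEM` path in the post.

```powershell
# Added example: report-only check for the artifacts named in the removal steps.
# Assumption: run from a PowerShell prompt on the machine being checked.
param(
    # Directory the post tells you to open (%WINDIR%\SYSTEM); override if needed.
    [string]$SystemDir = (Join-Path $env:WINDIR 'SYSTEM')
)

# File names and registry location copied from the removal steps in the post.
$fileNames  = 'KERN32.EXE', 'KERNEL32.EXE', 'KDLL.DLL', 'HKSDLL.DLL'
$runOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName  = 'KERNEL32'

$findings = @()

foreach ($name in $fileNames) {
    $path = Join-Path $SystemDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $item.FullName
            Detail = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
        }
    }
}

# RunOnce entries are values (properties) of the key, not subkeys.
if (Test-Path -LiteralPath $runOnceKey) {
    $props = Get-ItemProperty -LiteralPath $runOnceKey
    $match = $props.PSObject.Properties | Where-Object { $_.Name -ieq $valueName }
    if ($match) {
        $findings += [pscustomobject]@{
            Type   = 'RunOnce value'
            Where  = "$runOnceKey\$($match.Name)"
            Detail = [string]$match.Value   # the command that would run at next logon
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the files or the RunOnce value listed in the post were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script matches the exact file names only, so the legitimate Windows file KERNEL32.DLL is never reported.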