
The Bad Trans virus

Introduction to the BadTrans virus

The BadTrans virus (code name W32.BadTrans.B or W32/Badtrans-B) is a worm which spreads by e-mail. It also uses another method to spread:

  • Microsoft Internet Explorer security flaws

The BadTrans.B virus particularly affects those who use Microsoft Outlook in the operating systems Windows 95, 98, Millennium, NT4, and 2000, as the virus is activated in Outlook simply by viewing the message (as opposed to clicking on the attachment).
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

What the virus does

The BadTrans virus scans the address list in the infected user's address book, as well as web pages contained in the browser cache and the My Documents folder.

Then the BadTrans virus sends each of the addresses an e-mail:

  • with the body either empty, or containing the sentence "Take a look to the attachment."
  • with the subject Re: <Subject of e-mail found>
  • with the attachment having a three-part name
    • First part: One of the following messages:
      • CARD
      • DOCS
      • FUN
      • HAMSTER NEWS_DOC
      • HUMOR
      • IMAGES
      • ME_NUDE
      • New_Napster_Site
      • News_doc
      • PICS
      • README
      • S3MSONG
      • SEARCHURL
      • SETUP
      • Sorry_about_yesterday
      • YOU_ARE_FAT!
    • Second part: One of the following extensions:
      • .DOC
      • .MP3
      • .ZIP
    • Third and final part: One of the following extensions:
      • .pif
      • .scr
Therefore, the message's attachment may look like:
  • Me_Nude.MP3.scr
  • News_doc.DOC.scr
  • HAMSTER.DOC.pif
  • PICS.doc.scr
  • HUMOR.MP3.scr
  • README.MP3.scr
  • FUN.MP3.pif
  • YOU_are_FAT!.MP3.scr
  • and so on.
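
The three-part naming scheme above translates directly into a mail-filter check. The following Python sketch is an added example, not part of the original article: it flags attachment names that pair a document-like second extension with an executable third one. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string

# Name parts copied from the lists on this page, lower-cased for matching.
# "hamster" is taken from the page's HAMSTER.DOC.pif example.
BASE_NAMES = {
    "card", "docs", "fun", "hamster", "humor", "images", "me_nude",
    "new_napster_site", "news_doc", "pics", "readme", "s3msong",
    "searchurl", "setup", "sorry_about_yesterday", "you_are_fat!",
}
DECOY_EXTS = {"doc", "mp3", "zip"}   # second part: looks like a document
EXEC_EXTS = {"pif", "scr"}           # third part: what Windows actually runs

def classify_attachment(filename):
    """Return 'badtrans-name', 'decoy-double-extension' or 'no-match'."""
    parts = filename.strip().rsplit(".", 2)
    if len(parts) != 3:
        return "no-match"
    base, decoy, final = (p.lower() for p in parts)
    if final not in EXEC_EXTS or decoy not in DECOY_EXTS:
        return "no-match"
    return "badtrans-name" if base in BASE_NAMES else "decoy-double-extension"

def scan_message(raw):
    """List (filename, verdict) for every flagged attachment in a raw message."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and classify_attachment(name) != "no-match":
            hits.append((name, classify_attachment(name)))
    return hits

# Constructed sample message; the attachment body is placeholder text.
SAMPLE = """\
From: a@example.test
To: b@example.test
Subject: Re: lunch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Take a look to the attachment.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.MP3.scr"

placeholder
--XX--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A name that matches the extension pattern but not the listed first parts is still reported as a decoy double extension, since the disguise is the same even when the first part differs.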

Symptoms of infection

Workstations infected by the BadTrans worm will have the following file on their hard drive:

  • kdll.dll. This is a Trojan horse which records all your keystrokes, in order to recover your passwords.

To check if you are infected, do a search for the file named above on all of your hard drives (Start / Search / For Files or Folders...).

Eradicating the virus

The best method for eradicating the BadTrans worm involves first disconnecting the infected machine from the network, then running up-to-date antivirus software.

What's more, the virus spreads by exploiting a security hole in Microsoft Outlook, which means that you may be contaminated by the virus without clicking on the attachment. To fix the security hole, you must download the patch for Microsoft Outlook. Please check your e-mail client, and download the patch if needed:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

More information about the virus

This document entitled « The Bad Trans virus » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.
