GenMassachusetts-L Archives

Archiver > GenMassachusetts > 2001-04 > 0988479228


From: "Gene Reaper" <>
Subject: Re: [GM-L] VIRUS ALERT
Date: Sat, 28 Apr 2001 13:33:16 -0700
References: <00ab01c0cf94$e2e2d5c0$e104bbd0@w4o1r2>


If you go to www.grisoft.com they have a free anti-virus down load.
This will find the virus if on your machine AND get rid of it for you.My
daughter had this recently
and this program worked like a charm,at the end,it said healed and the virus
was gone.
Although not an official genealogy subject,to lose ones years of research
would be devestating.
I might add,my daughter has Norton installed and it did not catch this.


Maureen(NY,USA)
@->->--
You cannot do a kindness too soon, for you never know how soon it will be
too late. (Ralph Waldo Emerson)

http://members.ebay.com/aboutme/molly./

Ye Old Directory Shoppe

http://www.geocities.com/molly19_55/toolbox.html

Click here:MOODY> Family and decendants

http://www.geocities.com/molly19_55/index.html

Researching:
O'CONNELL/CONNELL, CULLITY, FORREST, MOODY, AVENT, TRIGGS, TRINNICK,HOLLAND,
GARDINER, FLOOD, KNOWELL, O'DONOGHUE/DONOGHUE/DONOHUE, RYAN, PELLICY,
SULLIVAN/O'SULLIVAN, JAMES, HENNING, MATTHEWS, ROWE, ELLIS, PETERS,
CHAMBERLAIN, FROST, SNOW, CRUWYS, REED, PARKIN, WILLIAMS, VITA, PELUSO,
VIVACQUA, CANTONE, PERRONE, ORLANDO,and ROSA
Also:SHANNON, READEY, WYNNE/WINNE, McDONNEL,
SEAWOOD, MAHRENHOLZ, HOKE, HUMPHREYS, GROS,
BRANSBY, DeVINE, PAUBA/POUBA, HEJL, AMREITER,
RITZ, CHARVAT.

----- Original Message -----
From: "Sherman R. Ervin" <>
To: <>
Sent: Friday, April 27, 2001 8:39 PM
Subject: [GM-L] VIRUS ALERT


> Hello list family, I am sending this copy and pasted warning from another
group that we received.on the Viruses going around. We foolishly opened a
attachment from our group. So please be careful and consider an updated
antivirus program and still take caution because our repairman said it is
not 100% as there are new ones coming out. We have been advised by
several experienced people to not open forwarded mail which could have the
virus in the names. People dont know they are forwarding their viruses.
It cost over $200 and I want to spare the rest of you folks the same
expense. Sincerely, Gloria
>
> This following list letter was dated April 20th this month.
>
>
>
>
> Please make sure that you have an updated antivirus program installed
and
> enabled!
> Fred
>
> >
> > As many Rootsweb mail list subscribers know, it is impossible to receive
> an
> > attachment born virus from Rootsweb because the list servers at Rootsweb
> remove
> > all attachments before sending a posting onto a list.
> >
> > Nonetheless, some of the larger Rootsweb lists are currently having
> problems
> > due a new virus called W32 Bad Trans, which is spread subscriber to
> subscriber
> > in a new and novel way. This virus and its variants are of special
> concern to
> > list subscribers.
> >
> > This virus targets users of Outlook email programs, and rather than send
a
> copy
> > of the virus to all the email addresses in the address book as in past,
it
> > sends a virus to all the email addresses that are in unopened email in
the
> > Inbox.
> >
> > For example, if subscriber A posts to a list and subscriber B has an
> infected
> > computer, subscriber A will get a virus induced response from subscriber
B
> that
> > will contain a virus in the attachment. More worrisome, is that
> subscriber A
> > anticipating a response may eagerly open the attachment only to find a
> virus
> > that now infects their machine and the process of a widening infection
> > continues.
> >
> > McAfee has issued the following information on this virus.
> >
> > Virus Name W32/Badtrans
> >
> > Virus Characteristics
> > This mass mailing worm attempts to send itself using
> > Microsoft Outlook by replying to unread email
> messages.
> > It also drops a remote access trojan (detected as
> > Backdoor-NK.svr with the 4134 DATs; detected
> > heuristically as New Backdoor prior to the 4134 DAT
> > release).
> >
> > When run, the worm displays a message box entitled,
> > "Install error" which reads, "File data corrupt:
> > probably due to a bad data transmission or bad disk
> > access." A copy is saved into the WINDOWS directory
as
> > INETD.EXE and an entry is entered into the WIN.INI
> file
> > to run INETD.EXE at startup. KERN32.EXE (a backdoor
> > trojan), and HKSDLL.DLL (a valid keylogger DLL) are
> > written to the WINDOWS SYSTEM directory, and a
> registry
> > entry is created to load the trojan upon system
> startup.
> >
> > HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
> > RunOnce\kernel32=kern32.exe
> >
> > Once running, the trojan attempts to mail the
victim's
> > IP Address to the author. Once this information is
> > obtained, the author can connect to the infected
> system
> > via the Internet and steal personal information such
> as
> > usernames, and passwords. In addition, the trojan
> also
> > contains a keylogger program which is capable of
> > capturing other vital information such as credit
card
> > and bank account numbers and passwords.
> >
> > The next time Windows is loaded, the worm
attempts
> to
> > email itself by replying to unread messages in
> > Microsoft
> > Outlook folders. The worm will be attached to
> these
> > messages using one of the following filenames
> (note
> > that
> > some of these filenames are also associated with
> other
> > threats, such as W95/MTX.gen@M):
> > Card.pif
> > docs.scr
> > fun.pif
> > hamster.ZIP.scr
> > Humor.TXT.pif
> > images.pif
> > New_Napster_Site.DOC.scr
> > news_doc.scr
> > Me_nude.AVI.pif
> > Pics.ZIP.scr
> > README.TXT.pif
> > s3msong.MP3.pif
> > searchURL.scr
> > SETUP.pif
> > Sorry_about_yesterday.DOC.pif
> > YOU_are_FAT!.TXT.pif
> > The message body may contain the text:
> > Take a look to the attachment.
> > AVERT first received an intended version of this
> worm
> > (10,623 bytes) on April 11 from a company in New
> > Zealand.
> >
> > (c) 2001, Network Associates, Inc. and its affiliated Companies.
All
> > Rights
> > Reserved.
>
>
>
> ==== GenMassachusetts Mailing List ====
> To unsubscribe: http://www.rootsweb.com/~maillist/us/index.html
>
>

This thread: