RemedySpot.com

virus


Guest guest

This is the description I was given about the virus:

I'm so sorry if anyone got it.

Description

VBS.KakWorm is a worm. It spreads using Microsoft Outlook Express. The worm attaches itself to all outgoing messages using the Signature feature of Outlook Express. Signatures allow you to automatically append information at the end of all outgoing messages.

The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Simply reading the received email message will cause the virus to be placed on the system. Microsoft has patched this security hole. If you have a patched version of Outlook Express, this worm will not affect you.

If a system is infected there will be no real indication of this until the 1st day of any given month. On the first of the month you will see the following message:

"Kagou-Anti-Kro$oft says not today!"

If you click OK, the computer shuts down. This window returns each time you start Windows.

================================================

Guest guest

In a message dated 04/20/2001 8:14:35 AM Pacific Daylight Time,

laurker@... writes:

<< Hi Erma, he sent me two also, was this by accident or on

purpose does anyone know?

Laurie >>

Would someone please add 's addy to their email so that I know what to

watch for? Until I know I am deleting ALL Oxyplus emails so as not to take

the chance of opening his!

Kiasi


Guest guest

Hi Erma, he sent me two also, was this by accident or on

purpose does anyone know?

Laurie

Erma Seabaugh wrote:

> I received two viruses from when he posted

> twice........everyone

> needs to delete the attachments that were sent with his

> post.

>

> Erma

>

>

>


Guest guest

List,

has been on the list since 11/99 and I doubt he is sending viruses

deliberately under his own name. Many of the new viruses attack

Microsoft Outlook Express, which is on PC's even if people don't realize

it or use it. But, if they do use it and a virus targeting it is

infected, then what those viruses do is send the virus out to everyone

on that computer's mailing list. In this case us. I wrote to

immediately. We shall see what we shall see. I would expect is

debugging his PC.

As a rule though, I NEVER open any attachment with email that is not

from a specific friend and is in line with my relationship with that

friend, because these email viruses automatically go out -- even from a

friend's computer.

jim :)

laurie kerr wrote:

>

> Hi Erma, he sent me two also, was this by accident or on

> purpose does anyone know?

> Laurie

>

> Erma Seabaugh wrote:

>

> > I received two viruses from when he posted

> > twice........everyone

> > needs to delete the attachments that were sent with his

> > post.

> >

> > Erma

> >

> >

> >


Guest guest

Kiasi,

His address is salt@... if you want to block it.

jim :)

KiasiBehr@... wrote:

>

> In a message dated 04/20/2001 8:14:35 AM Pacific Daylight Time,

> laurker@... writes:

>

> << Hi Erma, he sent me two also, was this by accident or on

> purpose does anyone know?

> Laurie >>

> Would someone please add 's addy to their email so that I know what to

> watch for? Until I know I am deleting ALL Oxyplus emails so as not to take

> the chance of opening his!

> Kiasi

>

-----

carpe diem, carpe pecuniam, carpe feminas. -- Jim Lambert

jlambert@... http://www.entrance.to/madscience

http://www.entrance.to/poetry


Guest guest

Hi Everyone,

I thought you might be interested in this information, as this virus has

been running rampant on the groups lists the past few days. I got this

from a very good friend who got the virus. Below is actually three or four

messages that she sent over the course of the day as she battled this stupid

virus.

Hope this information helps anyone else who has been having trouble with it.

~Karma

*********************

I received the Badtrans worm from the mystery shopper list and it came in

email and NOT an attachment. Here is a link to the Symantec site for more

details. It only

affects you if you run Outlook Express, so AOL and Netscape users are

safe. It looks to be fairly new, so if you have a non-current anti-

virus program (or data file) it will probably not detect it. The directions

to remove the worm are at this site and it removes easily. PLEASE CHECK YOUR

COMPUTERS AND DO THIS PROCESS IF YOU COULD HAVE BEEN AFFECTED. SIX YEARS

ONLINE AND I'VE NEVER RECEIVED A VIRUS - PEOPLE WHO NEED TO SPREAD THESE

THINGS ARE AWFUL!

http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312mm (DOT) html

Please go to the URL and check for a file on your hard drive. It's an easy

fix. If you have the file, you have the worm and will continue spreading it.

I know someone who got reinfected 14 times within just a few hours. It was

rampant at groups yesterday.

In addition to the other anti-virus programs I have running, I downloaded

another free one that seems terrific and has an update as recent as

today.... It's at:

http://www.grisoth.com

AND IT DOES THE REPAIR!!!!!!!!

This is the first time I have had a virus on my computer. MY SYSTEM IS CLEAN

NOW. THIS VIRUS CAME FROM http://www. email lists.

DO NOT RESTART YOUR COMPUTER IF YOU USE OUTLOOK AS YOUR EMAIL PROGRAM. YOU

MUST FIRST GET RID OF THE WORM AND TAKE MEASURES TO CONTINUE GETTING RID OF

IT. I HAVE BEEN INFECTED MORE THAN THIRTY TIMES TODAY. THE WORM DOES NOT

ARRIVE IN AN ATTACHMENT - IT IS ALREADY IN YOUR OUTLOOK MAIL

This Badtrans worm affects Outlook Express, so AOL and Netscape users are

safe. This link to the Symantec site provides more details. The worm is only

a few days old - your anti-virus detection program will probably not detect

it.

http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312mm (DOT) html

The infected user's email inbox sends the worm to every unread email in their

inbox.

Users who received posts from you months ago that they have not opened will

be sending you this worm gift.

And, remember, you will continue to constantly be reinfected.....

Here is one free detector

http://housecall.antivirus.com/default.asp

A friendly warning: back up your Outlook files immediately to avoid the loss

of messages, folders and email.

Although I have many up-to-date anti-virus programs, I just downloaded a

free one and then did the update for it from today and then ran a complete

test. It repaired the worm and keeps a constant monitor that appears better

than the rest. I recommend:

http://www.grisoft.com

http://news.cnet.com/news/0-1003-200-5594667.html?tag=owv

Good Luck -

Sherry


Guest guest

I just downloaded the new Norton Antivirus and ran it. I had no

infection, even though I opened 's post that is supposed to have

the worm. I opened several of his emails, but I never opened any of the

attachments on his email.

And, please remember everyone, just uses Microsoft Outlook and we

are on his list. That is how this worm works. So, it isn't per se

who started this today.

I am a computer tech. The first thing I do on all computers I am

responsible for is to remove Outlook from the hard drive, and switch

them to WordPerfect if they are using Word. The reason for this is that

most modern viruses are attacking Word, because of the programming

capabilities of its macros, but more recently Outlook, because that can

be used to infect other computers via the net.

One has to think like a terrorist hacker and not do those things that

make one vulnerable. So, since those are the two most common software

targets for modern viruses, I don't want them on a hard drive. It did

make me buy a new virus program. It's just common sense to have one if

we are to share the net with everyone. And, what would the net be worth

if we didn't?

Just my 2 cents on viruses.

jim :)

Erma Seabaugh wrote:

>

> List

>

> DON'T OPEN ANY EMAILS FROM salt@... .........He has

> win32.badtrans You can check it out at

> http://www.mcaffee.com/Default.asp?Plugin=yes it will tell you

> everything that it does.

>

> Erma

>

-----

carpe diem, carpe pecuniam, carpe feminas. -- Jim Lambert

jlambert@... http://www.entrance.to/madscience

http://www.entrance.to/poetry


Guest guest

Jim Lambert wrote:

>

> I just downloaded the new Norton Antivirus and ran it. I had no

> infection, even though I opened 's post that is supposed to have

> the worm. I opened several of his emails, but I never opened any of the

> attachments on his email.

Hi All,

I've copied this note from my YL upline, sent out about 6 weeks ago.

One caveat: I notice when reading this that it claims that if you wish,

the program will update monthly. That is nowhere near often enough these

days; 2-3x a week seems to be necessary. Make sure you could do a manual

update.

Perhaps someone here may be able to use this:

(be safe, Sharon)

> In the interest of providing you with safe, healthy computing,

> I want to direct your attention to a wonderful anti-virus program

> you may download for FREE. Its name is AVG Anti-Virus System.
>
> Not only will it detect your current system for viruses and
> heal your system (remove the virus and restore your system),
> it will automatically detect and inform you of any incoming viruses
> you may receive via Email, floppy disks, CD's etc. It will also, at

> your option, update your machine monthly, with the latest anti-virus

> software, make a back-up rescue disk for you, and provide you

> with a safe firewall.

>

> While the free system does not provide a live technical service,

> one can be purchased optionally for a small fee. A free monthly

> newsletter is also available.

>

> When I downloaded and opened the AVG 6.0 version, I found

> the instructions easy to follow. When you re-boot your machine

> to start the program, it will, optionally, scan your entire

> machine for viruses, tell you about them and make corrections.

>

> I know the threat of virus infection is on everyone's mind.

> Now you have an affordable means to effectively protect

> your computer and receive free virus update software

> at the same time. To learn more, go to:

> http://www.grisoft.com/html/us_index.cfm


Guest guest

Hi Jim,

If you don't mind, may I ask you a software question since you are a

computer tech. I used to use Outlook Express to read my e-mail, but I got a

virus from a friend who said she intended to send me an attachment. The one

I opened wasn't the one she intended to send, it was a virus. I switched to

Microsoft Outlook thinking it was safer. I run McAfee anti-virus using the

on-line clinic and update the .dat files daily before even opening my e-mail

program.

My question is this.... If I get rid of word from my computer and put Word

Perfect on my computer. I have version 8, I think. But not on my computer

right now. I loaned the disk to my brother, guess I need to get that back.

Can I read word documents in word perfect? What should I read e-mail in?

I used to read it in Netscape, but don't have it on my computer anymore.

What do you suggest?

Also, did you realize that the footers on this list are pretty outdated? It

has been a while since the lists were onelist.

Thank you very much,

~Karma


Guest guest

> This Badtrans worm affects Outlook Express, so AOL and Netscape users are

> safe. This link to the Symantec site provides more details. The worm is only

> a few days old - your anti-virus detection program will probably not detect

> it.

> http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312mm (DOT) html

This Netscape user is not breathing a sigh of relief. It came across in

a file transmission last night and was flagged by Norton, however NAV

couldn't seem to get rid of it either! Wouldn't quarantine, fix, or

delete.

I finally traced down the file and got rid of it the only way I could

think of, I ran Disk Cleanup.

Was it Jim who posted earlier that all you have to do is still have

outlook express installed, even if not used?

I never would've thought of that.

I'm hesitant to uninstall it because my past experience on older

computers has been messages that warn that I may be losing files that

are necessary to run the system. Of Course I believe every word that

cometh out of the

land of Redmond<G>.

Any thoughts?

Sharon


Guest guest

In a message dated 04/20/2001 10:17:44 AM Pacific Daylight Time,

jlambert@... writes:

<< His address is salt@... if you want to block it. >>

Thanks, Jim...... Kiasi


Guest guest

Sharon,

When you delete Outlook just go ahead and delete it, even through that

warning. Of course, some programs won't work if you delete those files,

and Outlook is them! I just did it again on my 2 day-old new PC & still

no warts grow on my hands. ;-)

The virus probably isn't dangerous as long as you don't actually use

Outlook, because it won't have addresses to send to, but I am not taking

chances. If Outlook is there the virus still might sit there inactive.

Personally, I think more is necessary to activate this virus than just

opening the mail, because I opened several of 's posts with

attachments, but I didn't open any of the attachments. There is no

w32.badtrans file of any of the several variations on my PC.

If you want to look on your own hard drive, do this: Click on Start...

Programs... MS-DOS Prompt. Or, if you have a different version of

Windows, the DOS prompt is sometimes in Accessories, after Programs.

Anyway, that puts you at the Windows directory DOS prompt. Type the

following: dir w32.badtrans*.*/s If you type the whole file name listed

for badtrans you will only search for that version. But, there are

several variants out there using different file names. Since I remember

my old DOS commands I used the dir command with wildcards & options. The

command I used will look for any file in the Windows directory, or its

subdirectories, that begins with " w32.badtrans " and is followed by ANY

more characters, with ANY extension. This will show any version of

badtrans that might be there.

jim :)

Sharon wrote:

>

> > This Badtrans worm affects Outlook Express, so AOL and Netscape users are

> > safe. This link to the Symantec site provides more details. The worm is only

> > a few days old - your anti-virus detection program will probably not detect

> > it.

> > http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312mm (DOT) html

>

> This Netscape user is not breathing a sigh of relief. It came across in

> a file transmission last night and was flagged by Norton, however NAV

> couldn't seem to get rid of it either! Wouldn't quarantine, fix, or

> delete.

> I finally traced down the file and got rid of it the only way I could

> think of, I ran Disk Cleanup.

>

> Was it Jim who posted earlier that all you have to do is still have

> outlook express installed, even if not used?

> I never would've thought of that.

> I'm hesitant to uninstall it because my past experience on older

> computers has been messages that warn that I may be losing files that

> are necessary to run the system. Of Course I believe every word that

> cometh out of the

> land of Redmond<G>.

>

> Any thoughts?

>

> Sharon

-----

carpe diem, carpe pecuniam, carpe feminas. -- Jim Lambert

jlambert@... http://www.entrance.to/madscience

http://www.entrance.to/poetry


Guest guest

Erma,

If you're using Eudora, that is a mail program, so I assume you don't

use Netscape for mail, just browsing. I use Netscape for everything. I

have version 4.7 running, and while I opened infected email, I did not

open the attachments, and I did not get infected.

What this means is that the virus is software specific, as it is supposed

to be, just that more than one software is vulnerable. I have checked my

system several ways, including an updated Norton, which does include

this virus description. I also looked manually. It just isn't there.

In an earlier post I said I never let my clients use Outlook, I also

don't let them use Eudora or Microsoft Explorer. In my experience as a

technician specializing in troubleshooting home & small business

computers, using Netscape for everything on the net presents fewer

problems in the long run. Period. I don't want to start a discussion on

the subject of software brands, it is just the sum of my experiences.

jim :)

Erma Seabaugh wrote:

>

> I don't use outlook.......I use Eudora and still got the virus and I also

> use Netscape.

>

> Erma

-----

carpe diem, carpe pecuniam, carpe feminas. -- Jim Lambert

jlambert@... http://www.entrance.to/madscience

http://www.entrance.to/poetry


Guest guest

Jim Lambert <jlambert@...> wrote:

> Sharon,
>
> When you delete Outlook just go ahead and delete it, even through that
> warning. Of course, some programs won't work if you delete those files,
> and Outlook is them! I just did it again on my 2 day-old new PC & still
> no warts grow on my hands. ;-)
>
> The virus probably isn't dangerous as long as you don't actually use
> Outlook, because it won't have addresses to send to, but I am not taking
> chances. If Outlook is there the virus still might sit there inactive.
>
> Personally, I think more is necessary to activate this virus than just
> opening the mail, because I opened several of 's posts with
> attachments, but I didn't open any of the attachments. There is no
> w32.badtrans file of any of the several variations on my PC.
>
> If you want to look on your own hard drive, do this: Click on Start...
> Programs... MS-DOS Prompt. Or, if you have a different version of
> Windows, the DOS prompt is sometimes in Accessories, after Programs.
>
> Anyway, that puts you at the Windows directory DOS prompt. Type the
> following: dir w32.badtrans*.*/s If you type the whole file name listed
> for badtrans you will only search for that version. But, there are
> several variants out there using different file names. Since I remember
> my old DOS commands I used the dir command with wildcards & options. The
> command I used will look for any file in the Windows directory, or its
> subdirectories, that begins with "w32.badtrans" and is followed by ANY
> more characters, with ANY extension. This will show any version of
> badtrans that might be there.
>
> jim :)
>
> Sharon wrote:
> >
> > > This Badtrans worm affects Outlook Express, so AOL and Netscape users are
> > > safe. This link to the Symantec site provides more details. The worm is only
> > > a few days old - your anti-virus detection program will probably not detect
> > > it.
> > > http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312mm (DOT) html
> >
> > This Netscape user is not breathing a sigh of relief. It came across in
> > a file transmission last night and was flagged by Norton, however NAV
> > couldn't seem to get rid of it either! Wouldn't quarantine, fix, or
> > delete.
> > I finally traced down the file and got rid of it the only way I could
> > think of, I ran Disk Cleanup.
> >
> > Was it Jim who posted earlier that all you have to do is still have
> > outlook express installed, even if not used?
> > I never would've thought of that.
> > I'm hesitant to uninstall it because my past experience on older
> > computers has been messages that warn that I may be losing files that
> > are necessary to run the system. Of Course I believe every word that
> > cometh out of the
> > land of Redmond<G>.
> >
> > Any thoughts?
> >
> > Sharon
> -----
> carpe diem, carpe pecuniam, carpe feminas. -- Jim Lambert
>
> jlambert@... http://www.entrance.to/madscience
> http://www.entrance.to/poetry

Jim:

You have to open the attachment in the mail to get the virus. You cannot get a virus just by opening the mail. It has to be downloaded. :)

Sandy gave it to me after I had requested info on oxygen therapy, I automatically assumed her attachment was that information and opened it. Obviously I should have double-checked under the circumstances. She (her computer) has sent it to me several times. I'm ok, on AOL, no addresses in my Outlook.

Be very careful people, this one is a doozy. We are especially vulnerable considering we're all requesting info from each other all the time. Maybe we should all avoid sending attachments for a while until this blows over.

Deanna :)

OxyPLUS is an unmoderated e-ring dealing with oxidative therapies, and other alternative self-help subjects.

THERE IS NO MEDICAL ADVICE HERE!

This list is the 1st Amendment in action. The things you will find here are for information and research purposes only. We are people sharing information we believe in. If you act on ideas found here, you do so at your own risk. Self-help requires intelligence, common sense, and the ability to take responsibility for your own actions. By joining the list you agree to hold yourself FULLY responsible FOR yourself. Do not use any ideas found here without consulting a medical professional, unless you are a researcher or health care provider.

You can unsubscribe via e-mail by sending A NEW e-mail to the following address - NOT TO THE OXYPLUS LIST! -
DO NOT USE REPLY BUTTON & DO NOT PUT THIS IN THE SUBJECT LINE or BODY of the message! :

    oxyplus-unsubscribeegroups

    oxyplus-normalonelist - switch your subscription to normal mode.


Guest guest

Obie

This is the advice I was given but I am unable to delete the virus files as

it says the files are being used by Windows. You can give it a shot anyway,

let me know how it goes.

Windows 95/98/2000/NT users

Run a virus scan.

Change the Folder View Options

1. Double-click on the My Computer icon on the desktop.
2. Double-click on the C: drive.
3. Click on the View pull-down menu then click on Options (or Folder Options). The Folder Options dialog box will then appear.
4. Click on the View tab.
5. Select the 'Show all files' option.
6. Uncheck 'Hide file extensions for known file types'.
7. Click the Apply button followed by the OK button.
8. Close the remaining open windows until you are back on the desktop.

Backup the Registry

1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4. Click on the Registry pull-down menu then click on Export Registry File. The Export Registry File dialog box will then appear. The top of this dialog box contains an option entitled Save In. Make sure Desktop is selected for the Save In option. If it is not, click the pull-down arrow and select Desktop from the menu.
5. In the File Name field type "Backup" (without the quotation marks).
6. In the Export Range group box make sure All is selected.
7. Click on the Save button. You have now created a backup of your registry.
8. Close the Registry Editor by clicking the X in the top right corner.

NOTE: If you need to restore the registry you can double-click on the backup file you created and it will be restored. The backup file will be located on your desktop. Once you have finished these instructions and are certain everything is working properly it is important to delete the "backup" file you created. Do this by right-clicking on the Backup file on the desktop then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once this process is complete.

Edit the Registry

1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4. On the left side of the screen double-click on HKEY_LOCAL_MACHINE.
5. Double-click on Software.
6. Double-click on Microsoft.
7. Double-click on Windows.
8. Double-click on CurrentVersion.
9. Single-click on the RunOnce folder so it is highlighted. You will notice the right-side of the screen has a Name column and a Data column.
10. On the right side of the screen, single-click on the word "Kernel32" under the Name column so it is highlighted.
11. Press the Delete key on the keyboard to remove the highlighted Windows entry.
12. Close the Registry Editor by clicking the X in the top right corner.

Editing the WIN.INI (Windows NT users are not affected)

1. Click on the Start button.
2. Click on Run.
3. Type in WIN.INI and then click the OK button. The C:\WINDOWS\WIN.INI window will appear.
4. Scroll all the way over to the right in this window and next to RUN= there will be this reference: c:\windows\inetd.exe. Remove this reference. If you do not see the reference it may be off the screen. Remember to scroll all the way over to the right.
5. Click on the X in the top right corner to close the WIN.INI window. You will be asked if you wish to save changes. Answer Yes.

Delete the Virus Files

1. Click on the Start button.
2. Highlight Find then click on Files or Folders. The Find Files dialog box will then appear.
3. Make sure the C: drive is selected for the Look In option.
4. In the Named field type in INETD.EXE then click the Find Now button.
5. The computer will then search for this file. When the file is found the file's name will be displayed towards the bottom of the dialog box.
6. Once the file is found right-click on the small icon that appears to the left of the file's name. A pop-up menu will appear.
7. Left-click on Delete to remove this file.
8. Repeat steps 4 - 7 for the following file names:
   KERN32.EXE
   HKSDLL.DLL
   HKK32.EXE
   CP_23421.NLS
9. Once all three files have been deleted close the Find Files dialog box by clicking the X in the top right corner.
10. Empty your recycle bin by right-clicking on the Recycle Bin icon on the desktop and left-clicking on Empty Recycle Bin.
11. Restart your computer. The Trojan has now been removed.
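The indicators listed in the post above (the RunOnce "Kernel32" value, the WIN.INI RUN= reference to inetd.exe, and the five file names) can also be checked offline against the registry export made in the backup step, a copy of WIN.INI and a file listing. The script below is an added example, not part of the original post: the sample inputs, the "kern32.exe" value data and all function names are constructed for illustration, and it goes slightly beyond the post by also checking load=, the sibling autostart key in the [windows] section of WIN.INI.

```python
import ntpath
import re

# Indicators named in the removal steps of the post above.
RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
RUNONCE_VALUE = "Kernel32"
LISTED_FILES = {"INETD.EXE", "KERN32.EXE", "HKSDLL.DLL", "HKK32.EXE", "CP_23421.NLS"}

# A "name"=data line in a REGEDIT4 export; the name may hold escaped characters.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def _unescape(s):
    """Undo the backslash escaping used inside quoted strings in a .reg export."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse a REGEDIT4 export into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE_RE.match(line) if current is not None else None
        if m:
            data = m.group(2).strip()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])  # string value; others stay raw
            current[_unescape(m.group(1))] = data
    return keys


def check_runonce(reg_text):
    """Return the data of the RunOnce 'Kernel32' value, or None if it is absent."""
    values = parse_reg_export(reg_text).get(RUNONCE_KEY.lower(), {})
    for name, data in values.items():
        if name.lower() == RUNONCE_VALUE.lower():  # value names ignore case
            return data
    return None


def check_win_ini(ini_text):
    """Return (key, program) pairs from [windows] run=/load= naming a listed file."""
    hits, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in ("run", "load"):
            continue
        # Entries are separated by spaces or commas (short 8.3 paths assumed).
        for prog in re.split(r"[ ,]+", value.strip()):
            if prog and ntpath.basename(prog).upper() in LISTED_FILES:
                hits.append((key, prog))
    return hits


def check_file_listing(paths):
    """Return the paths whose file name is on the list (case-insensitive)."""
    return [p for p in paths if ntpath.basename(p).upper() in LISTED_FILES]


def audit(reg_text, ini_text, paths):
    """Collect human-readable findings from all three sources."""
    findings = []
    data = check_runonce(reg_text)
    if data is not None:
        findings.append(f"registry: RunOnce value {RUNONCE_VALUE!r} = {data!r}")
    findings += [f"win.ini: {k}= references {p}" for k, p in check_win_ini(ini_text)]
    findings += [f"file: {p}" for p in check_file_listing(paths)]
    return findings


# Constructed sample inputs (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Kernel32"="kern32.exe"
'''
SAMPLE_INI = r'''[windows]
load=
run=c:\windows\inetd.exe
NullPort=None

[Desktop]
Wallpaper=(None)
'''
SAMPLE_PATHS = [
    r"C:\WINDOWS\INETD.EXE",
    r"C:\WINDOWS\SYSTEM\hksdll.dll",
    r"C:\WINDOWS\NOTEPAD.EXE",
    r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",  # legitimate file, must not match
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_INI, SAMPLE_PATHS):
        print(finding)
```

Matching is on exact file names, so the legitimate KERNEL32.DLL in the sample listing is not reported.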


Guest guest

Obie:

I was having trouble deleting the virus files by the method I mentioned until

I realised that my Anti-virus ware was out of date. I went to the anti-virus

site manually and downloaded the update. Once I was updated and did the

process again the virus files deleted.

I'm no computer whiz, just telling you what worked for me.

Deanna


Guest guest

Jim, thanks for this. What about files indicated as infected? If deleted,

will they be replaced by the system or will we have to replace them

ourselves, if you know? Obie.

Re: Virus

> I can tell people who know DOS commands how to delete any file from a

> DOS command line prompt. If you boot up in DOS by continually tapping

> the F8 key as the PC boots up. This brings up a menu with a choice to

> boot up in DOS. Do so, and go to the Windows directory with a

> CD\windows, do a DIR & find the file, then it can be deleted. If it is

> protected, then execute the ATTRIB command as follows: ATTRIB -R -S -H

> w32.badtrans....etc

>

> This removes any file protection the file may have. Then delete it with

> a DEL w32.badtrans.....etc

>

> jim :)


Guest guest

List

I am back on line. Hopefully debugged. Sorry for any problems that have

arisen from receiving a virus from me. Hope not to have it happen again.

Re: virus

> List,

>

> has been on the list since 11/99 and I doubt he is sending viruses

> deliberately under his own name. Many of the new viruses attack

> Microsoft Outlook Express, which is on PC's even if people don't realize

> it or use it. But, if they do use it and a virus targeting it is

> infected, then what those viruses do is send the virus out to everyone

> on that computer's mailing list. In this case us. I wrote to

> immediately. We shall see what we shall see. I would expect is

> debugging his PC.

>

> As a rule though, I NEVER open any attachment with email that is not

> from a specific friend and is in line with my relationship with that

> friend, because these email viruses automatically go out -- even from a

> friend's computer.

>

> jim :)

>

>

> laurie kerr wrote:

> >

> > Hi Erma, he sent me two also, was this by accident or on

> > purpose does anyone know?

> > Laurie

> >

> > Erma Seabaugh wrote:

> >

> > > I received two viruses from when he posted

> > > twice........everyone

> > > needs to delete the attachments that were sent with his

> > > post.

> > >

> > > Erma

> > >

> > >

> > >


Guest guest

Hello folks,

THIS IS NO JOKE.

I received the following email today. I searched for it according to the

instructions, and I found it on my computer! If I have it, you probably do too!

I suggest you find and remove it immediately before it activates. I DID!

There is a dormant virus going around that is ready to

activate on June 1st.

I found this on my computer, as did several other people I

know........please check yours.

URGENT. A VIRUS could be in your computer files now, dormant but will become active on June 1. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW. It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..please follow the directions and remove it from yours TODAY!!!!!!!

No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the 'C:\windows\command' folder. To find it and get rid of it off of your computer, do the following.

Go to the "START" button.

Go to "FIND" or "SEARCH"

Go to "FILES & FOLDERS"

Make sure the find box is searching the "C:" drive.

Type in; SULFNBK.EXE

Begin search.

If it finds it, highlight it.

Go to 'File' and delete it.

Close the find Dialog box

Open the Recycle Bin

Find the file and delete it from the Recycle bin

You should be safe.

The bad part is: You need to contact everyone you have sent ANY E-mail to in the past few months. Many major companies have found this virus on their computers. Please help your friends !!!!!!!!

DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT

DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.

WHATEVER YOU DO, DO NOT OPEN THE FILE!!!


  • 4 weeks later...
Guest guest

Yes, please beware. I nearly opened that attachment by

mistake. It says "you are fat".

Please just delete; these things are serious.

Regards

Leonie

--- ny & Karyn <karyn@...> wrote:

> I just received an e-mail from a member of this list

> with a virus attached. I

> have written her privately & asked her to check her

> computer.

> If you receive a message from someone that has an

> attachment, and says

>

> > Take a look to the attachment.

>

> at the bottom...

> *Do not* open it, it is a virus. Simply delete it.

> Anyone can go to grisoft & download a free virus

> detector that is free,

> easy to use & updates itself when you program it to.

> See my sig line for the

> address.

> Hope everyone has a happy safe holiday week-end!

> Karyn

> Outgoing mail is certified Virus Free!

> Checked by AVG anti-virus system

> (http://www.grisoft.com).

> Version: 6.0.225 / Virus Database: 107 - Release

> Date: 12/22/00

>

>

>

>

>

>

__________________________________________________


Guest guest

Whew!! I didn't save it to disc, tried to open it online and my browser

rejected it as corrupt data: most appropriate!!

Donna B. (N.Z.)

**********************

> --- ny & Karyn <karyn@...> wrote:

> > I just received an e-mail from a member of this list

> > with a virus attached. I

> > have written her privately & asked her to check her

> > computer.

> > If you receive a message from someone that has an

> > attachment, and says

> >

> > > Take a look to the attachment.

> >

> > at the bottom...

> > *Do not* open it, it is a virus. Simply delete it.

> > Anyone can go to grisoft & download a free virus

> > detector that is free,

> > easy to use & updates itself when you program it to.

> > See my sig line for the

> > address.

> > Hope everyone has a happy safe holiday week-end!

> > Karyn

> > Outgoing mail is certified Virus Free!

> > Checked by AVG anti-virus system

> > (http://www.grisoft.com).

> > Version: 6.0.225 / Virus Database: 107 - Release

> > Date: 12/22/00

> >

> >

> >

> >

> >

> >

>

>

> __________________________________________________

>


Guest guest

wrote:

>

> THIS IS NO JOKE.

> I received the following email today. I searched for it according to the

> instructions, and I found it on my computer! If I have it, you probably do too!

> I suggest you find and remove it immediately before it activates. I DID!

Unfortunately this IS very much of a joke, or hoax!

Do not delete this file!

Sharon


Guest guest

Thanks for warning..but..it is a hoax...

It is a legitimate file ...should be in command folder...anyplace else and then could be a virus...problem with your instruction is that someone might remove a legitimate file used in other applications!

In the future I recommend you to search on google.com search engine and search on the name of the virus and then enter virus and also the word hoax as part of your search and several sites shall tell you more if it is a hoax or not.

mike slivinski

see http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html

SULFNBK.EXE Warning

Reported on: April 17, 2001

Last Updated on: May 29, 2001 at 06:22:42 AM PDT


The following hoax email has been reported in Brazil. The original email

is in Portuguese; it is followed by an English translation.

CAUTIONS:

This particular email message is a hoax. The file that is mentioned in

the hoax, however, Sulfnbk.exe, is a Microsoft Windows utility that is

used to restore long file names, and like any .exe file, it can be

infected by a virus that targets .exe files.

The virus/worm W32.Magistr.24876@mm can arrive as an attachment named

Sulfnbk.exe. The Sulfnbk.exe file used by Windows is located in the

C:\Windows\Command folder. If the file is located in any other folder, or

arrives as an attachment to an email message, then it is possible that the

file is infected. In this case, if a scan with the latest virus

definitions and with NAV set to scan all files does not detect the file

as being infected, quarantine and submit the file to SARC for analysis by

following the instructions in the document How to submit a file to SARC

using Scan and Deliver.

If you have deleted the Sulfnbk.exe file from the C:\Windows\Command

folder and want to know how to restore the file, you should contact your

computer manufacturer or Microsoft for assistance. As an alternative, if

you are running Windows 98 or Windows Me, see the document How to extract

files in Safe Mode under Windows 98 or Windows Millennium.

NOTE: The instructions in this document are provided for your

convenience. The extraction of Windows files uses Microsoft programs and

commands. Symantec does not provide warranty

On Sun, 29 Apr 2001 09:37:11 -0500 " "

<snakedancerr@...> writes:

> Hello folks,

>

> THIS IS NO JOKE.

> I received the following email today. I searched for it according

> to the instructions, and I found it on my computer! If I have it,

> you probably do too! I suggest you find and remove it immediately

> before it activates. I DID!

>

>

> There is a dormant virus going around that is ready to

> activate on June 1st.

> I found this on my computer, as did several other people I

> know........please check yours.

> URGENT. A VIRUS could be in your computer files now, dormant but will become active on June 1. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW. It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. ..please follow the directions and remove it from yours TODAY!!!!!!!

>

> No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the 'C:\windows\command' folder. To find it and get rid of it off of your computer, do the following.

> Go to the "START" button.

> Go to "FIND" or "SEARCH"

> Go to "FILES & FOLDERS"

> Make sure the find box is searching the "C:" drive.

> Type in; SULFNBK.EXE

> Begin search.

> If it finds it, highlight it.

> Go to 'File' and delete it.

> Close the find Dialog box

> Open the Recycle Bin

> Find the file and delete it from the Recycle bin

> You should be safe.

> The bad part is: You need to contact everyone you have sent ANY E-mail to in the past few months. Many major companies have found this virus on their computers. Please help your friends !!!!!!!!

>

> DO NOT RELY ON YOUR ANTI-VIRUS SOFTWARE. McAFEE and NORTON CANNOT

> DETECT IT BECAUSE IT DOES NOT BECOME A VIRUS UNTIL JUNE 1ST.

>

> WHATEVER YOU DO, DO NOT OPEN THE FILE!!!

>

>

>

>

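A triage sketch for the forwarded warning and the Symantec notice quoted in the post above, as an added example that is not part of the original thread. Treating the wording cues as hoax indicators is this example's assumption; the folder for Sulfnbk.exe comes from the Symantec text, and the sample message is a constructed excerpt.

```python
import ntpath
import re

# Folder the quoted Symantec notice gives for the genuine Windows utility.
KNOWN_UTILITIES = {"sulfnbk.exe": r"c:\windows\command"}

# Wording cues taken from the forwarded warning; treating them as hoax
# indicators is this example's assumption, not a Symantec rule.
CUES = {
    "av_cannot_detect": re.compile(r"(no virus software can|cannot)\s+detect", re.I),
    "future_trigger": re.compile(r"(become active|activate) on \w+ \d", re.I),
    "delete_named_file": re.compile(r"\bdelete it\b", re.I),
    "mass_forward": re.compile(r"contact everyone|help your friends", re.I),
}
FILE_NAME = re.compile(r"\b[\w~$-]+\.(?:exe|dll|com)\b", re.I)

def assess_warning(text):
    """Return the cues present and any known system files the text targets."""
    flat = " ".join(text.split())  # undo hard line wraps before matching
    cues = sorted(name for name, rx in CUES.items() if rx.search(flat))
    targets = sorted({m.lower() for m in FILE_NAME.findall(flat)} & set(KNOWN_UTILITIES))
    return {"cues": cues, "targets_system_file": targets}

def classify_copy(path, from_attachment=False):
    """Apply the Symantec guidance to one copy of a known utility."""
    full = ntpath.normcase(ntpath.normpath(path))  # case, '/', and '..' folded
    folder, name = ntpath.split(full)
    if name not in KNOWN_UTILITIES:
        return "unknown-file"
    if from_attachment or folder != KNOWN_UTILITIES[name]:
        return "scan-and-submit"  # scan with current definitions, submit if clean
    return "keep"  # genuine location: do not delete

# Constructed excerpt of the forwarded message, hard-wrapped as it was posted.
SAMPLE = """No Virus software can detect it. It will become active on June 1,
2001. This virus travels thru E-mail and migrates to the
'C:\\windows\\command' folder. Type in; SULFNBK.EXE
If it finds it, highlight it. Go to 'File' and delete it.
You need to contact everyone you have sent ANY E-mail to"""
```

A message that trips several cues and names a file in `KNOWN_UTILITIES` is the pattern this thread ran into: the file it targets is the one `classify_copy` says to keep.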
