virus

Well, gang, I got the virus. I responded personally to several on the list yesterday, (since I still can't get mail to go to this list without going to the website). So, I thought that I would post the info on the virus removal from Norton's web site. The way I figured out that I had it was to go into my search and look for the following files: W32.Badtrans or inetd.exe. If you don't have either of these files, you probably don't have the virus. If you do, follow these directions. These were taken from the following website:

http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html

Technical description:

When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:

File data corrupt:
Probably due to bad data transmission or bad disk access.

The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, using one of the following file names:

Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif

Removal instructions:

To remove this worm:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and then run a full system scan, making sure that NAV is set to scan all files.
3. Delete any files detected as W32.Badtrans.13312@mm.
4. Click Start, and click Run.
5. Type sysedit and then click OK.
6. Click the title bar of the Win.ini file.
7. In the [windows] section, locate the run= line. It will look similar to the following:

run=c:\windows\inetd.exe

8. Remove the text to the right of the = sign, so that the line now reads:

run=

9. Save your changes and exit the System Configuration Editor.

Hopefully, this will help us all get rid of this thing once and for all. BTW, I did install some antivirus software that came with my computer, and I updated it like I should have in the first place. duh!

Take care,

Randee
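
Added example (not part of the original post or of the Symantec write-up): the Python below automates the Win.ini check from steps 6 to 8 and flags attachment names of the double-extension kind in the list above. The sample Win.ini is constructed, and the `load=` key and the two extension sets are assumptions that go beyond the post, which mentions only `run=`.

```python
import re

# Worm file names taken from the post; both live in the Windows folder.
WORM_FILES = {"inetd.exe", "hkk32.exe"}
# Assumed extension sets: executable types, and harmless-looking decoys placed before them.
EXEC_EXTS = {"scr", "pif", "exe", "com", "bat"}
DECOY_EXTS = {"zip", "txt", "doc", "avi", "mp3"}

# Constructed sample of an infected Win.ini (not captured from a real machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=c:\windows\inetd.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""

def autorun_entries(win_ini_text):
    """Return (key, program) pairs from run=/load= lines in the [windows] section."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in ("run", "load"):
            # Programs are treated here as separated by spaces or commas.
            entries += [(key.strip().lower(), p)
                        for p in re.split(r"[ ,]+", value.strip()) if p]
    return entries

def suspicious_autoruns(win_ini_text):
    """Keep only entries whose file name matches one of the worm's files."""
    return [(k, p) for k, p in autorun_entries(win_ini_text)
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() in WORM_FILES]

def is_double_extension(filename):
    """True for names like Pics.ZIP.scr: a decoy extension followed by an executable one."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

if __name__ == "__main__":
    print(suspicious_autoruns(SAMPLE_WIN_INI))
    print([n for n in ("Pics.ZIP.scr", "SETUP.pif") if is_double_extension(n)])
```

Names with a single executable extension, such as SETUP.pif from the list, pass the double-extension check, so a mail filter would also need to block .pif and .scr attachments outright.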
