VIRUS received in a Forum email this date

[Ray Montee]

I just emailed Ed Naylor..........

Just received an email message from Ed:
It contained the VIRUS...
W32.Badtrans.@mm.enc
The message was: Bc1234567890DEF_=

The subject was "Cowboy Copas"

I just thought y'all should know about it.

Take care now.

[Bill R. Baker]

I also received an email from Ed today that
my computer rejected because it contained a
virus.

[Jim Smith]

I got one today from Maurice Anderson's MSA address. I think this is the virus that spoofs other people's email address in the From line. They may not have the virus but it looks like they are the ones sending it.

[Al Marcus]

I too, got an Email from Ed Naylor, subject ShoBud barrel tuners, with an attachement. My program warned me immediately and I deleted it.....al

[Ray Montee]

Glad only a few of you have been impacted by that VIRUS. I haven't heard back from Ed Naylor..

[Joey Ace]

Don't assume that the sender's name is the actual person with the virus.

b0b and I and many other virus-free folks sometimes get our names inserted in Emails tht we have no connection with.

It can happen to anybody.

Read about it in the SGF Computers Section.

Here's one post: http://steelguitarforum.com/Forum12/HTML/001006.html
<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Joey Ace on 21 June 2002 at 08:14 AM.]</p></FONT>

[Bill Ford]

I have recieved this virus in several different subjects,Norton cought it and disarmed it on all so far.A good antivirus is the best insurance, if you don't have one get it.Also I have just lost a system to a bad virus, it destroyed everything, completely wiped out everything!!!!!!
Be carefull when you open emails..

Bill Ford

------------------

[Travis Bolding]

That's why I use WebTV, exclusively, for accessing the internet. None of my computers are "on line".
~~ Travis

[Ed Naylor]

I don't know what is going on. I have only sent 1 E-mail in the past 24 hrs. A couple hours ago I got 72"undeliverable" messages on my e-mail. I am not a computer expert maybe someone can help find out what is wrong. ED

[Bill R. Baker]

I am unable to understand how anyone reading my comments about the virus could conclude that I was blaming Ed. That certainly was
not my intention. I thought this might be
the quickest way to alert Forum members
until something could be done. Obviously Ed
is trying to address the problem.

[Terry Wendt]

Here is a link to find out IF and what virus may be causing problems. http://www3.ca.com/virus/ This link also gives possible solutions (fixes) for whatever might be infecting your PC. Sometimes, a virus can SLIGHTLY (first stage) infect your own PC, then sends you email (which looks as if it is ADDRESSED FROM your friends - to you) in an attempt to fool you into opening it... thus further infecting your PC even more (stage two!). This is the badtran32/kles32 type (backdoor/worm) which invades any Windows Program then uses your email/address book to do its dirty work. Most of the time you (or your PC) know nothing (nor receive any proof) of this until someone tells you about it.


2pT


------------------
TheEarlyDays.com

and appearing regularly...
Jimmy Crawford/Russ Hicks... and Buddy Emmons on Bass! aLotOfSpace.com

[Mark Ardito]

Hey guys,

Check out this thread which has been going on in the 'Computer' section regarding this virus. I have links for tools to remove this virus and links for detailed removal instructions in this thread.
http://steelguitarforum.com/Forum12/HTML/000962.html

Mark

[Joey Ace]

Bill,
I'm sorry if it sounded like I was accusing you of blaming anyone. That was not my intention. I have edited my post to clarify this.

-j0ey-

[Joey Ace]

Hi Terry!

<SMALL>"then uses your email/address book to do its dirty work"</SMALL>

That's sometimes true, but not always.

People that were never in my Address Book (or ever mailed to from me) have received suspect emails, with me wrongly listed as the sender.

It picked up my name form someone else's book.

[Larry Bell]

j0e,
As I understand it, it would only use your address book if YOU were infected. Otherwise, it goes into the infected computer's address book and randomly sends itself TO and FROM any EMail addresses stored there. The Klez worm, in particular, spoofs EVERYTHING -- filename of the attachment, Subject line, message text, etc. Therefore, there's no sure way from looking at the subject or sender info to determine it's a virus. ONE WAY THAT DOES WORK FOR ME is, if the size of the message is above 110K (usually around 130K), I would be suspicious.

Just a word to the wise. I must be in a bunch of address books because, even tho I've never been infected, I receive at least 50 msgs infected with Klez every week. Maybe I shouldn't be so sociable.

Badtrans appears to be fading, while Klez is the most common now and, I believe, of all time, according to SARC. PLEASE keep your virus signature file updated regularly. New versions are seen almost daily and I've even heard of one that can MUTATE ITSELF to make it even more difficult to detect and eradicate.

------------------
<small>Larry Bell - email: larry@larrybell.org - gigs - Home Page
2000 Fessenden S-12 8x8, 1969 Emmons S-12 6x6, 1971 Dobro<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Larry Bell on 21 June 2002 at 10:16 AM.]</p></FONT>

[b0b]

I get at least 10 viruses in email every day. I don't even open 95% of my email. If the To: line doesn't have my email address in it (or has multiple addresses), if it has an attachment, or if the title or From: address look like spam, I delete the email without opening it.

On a recent day, I trashed 71 emails before I found one worth opening. I have had my email address for 6 years. I'm on every list in the world. Most of you have me in your address book. This is simply part of the cost of doing business on the net.

In the real world, any mail that doesn't have a first class stamp on it goes into the trash at my house. I wish there were "first class stamps" for email. It would keep the junk out of my inbox.

I'm moving this topic to the "Computers" section of the Forum.

------------------
<img align=left src="http://b0b.com/coolb0b2.gif" border="0"><small>               Bobby Lee</small>
-b0b-   <small> quasar@b0b.com </small>
-System Administrator