[ic] VIRUS WARNING !!!!

[Dan Johnson]

Same here..I received the message too.

Dan Johnson
Webmaster
Computech Designs
Web Design and Hosting Services
Computer Repair
A+ Certified Professional
www.ctdesigns.com
admin@ctdesigns.com

-----Original Message-----
From:	joachim.richter [SMTP:joachim.richter@usvideocenter.de]
Sent:	Friday, April 20, 2001 10:38 AM
To:	interchange-users@lists.akopia.com
Subject:	[ic] VIRUS WARNING !!!!

Hi List,

I have just received two emails from the following person, answering a 
question I put on the list this morning

Return-Path: <3dranger@mpinet.net>
Received: from localhost (root@localhost [127.0.0.1])	by brainstorm1.usvid 
(8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id SAA31473	for 
<joachim.richter@localhost>; Fri, 20 Apr 2001 18:29:56 +0200
Received: from 212.43.90.100	by localhost with POP3 (fetchmail-5.3.0)	for 
joachim.richter@localhost (single-drop); Fri, 20 Apr 2001 18:29:56 +0200 
(MEST)
Received: from fl-mta02.durocom.com (fl-mta02.durocom.com 
[216.53.195.243])	by thundertaste.bpaserver.net (8.9.3/8.9.3) with ESMTP id 
RAA40208	for <joachim.richter@usvideocenter.de>; Fri, 20 Apr 2001 17:13:47 
+0200 (CEST)
Received: from computer ([216.53.218.107]) by fl-mta02.durocom.com with 
SMTP id <20010420144137.PERJ1198.fl-mta02@computer> for 
<joachim.richter@usvideocenter.de>; Fri, 20 Apr 2001 10:41:37 -0400
Message-ID: <00c801c0c9a9$0ffa6ce0$6bda35d8@computer>

From: "Suzanne Thompson" <3dranger@mpinet.net>

To: <joachim.richter@usvideocenter.de>
Subject: Re: Fwd: Re: [ic] URL DISPLAY
MIME-Version: 1.0
Content-Type: 
multipart/mixed;	boundary="----=_NextPart_000_00C5_01C0C987.85818600"
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Date: Fri, 20 Apr 2001 10:41:44 -0400
X-UIDL: 2cd42d92cc596ff6a9524ff64bccf340


The attachment was the new Virus I-Worm.Badtrans


This worm can be detected using AVX Professional 
ftp://ftp.avx.com/avxdesktop/setupavxpro.exe

Manually removing an infection from your computer can put your data at risk 
for damage that may or may not be recoverable. Central Command strongly 
recommends that you backup all of your data prior to attempting to remove 
an infection or repair any damage causes by an infection.


Details:
----------

Name: I-Worm.Badtrans
Alias: W32.Badtrans.13312@mm
Detection added : April 12, 2001
Spread Method : Via E-Mail (A copy of the worm will be sent as a reply 
message to all unread emails in the users Inbox folder)


Description:
------------

Worm part:
-------------

When the attachment is executed the worm drops the trojan "hkk32.exe" into 
the Windows folder and executes itself. A copy of worm is created under the 
file name inetd.exe in Windows folder. The following line is added to 
"win.ini" in [windows] section: run=c:\windows\inetd.exe.

Trojan part:
--------------

The hkk32.exe is a trojan called: Trojan.PSW.Hooker. This trojan drops a 
file called hksdll.dll used later as hook component to intercept pressed 
keys. A copy of the worm called kern32.exe is created in Windows folder and 
the original file hkk32.exe is deleted.

It also add the following key to registry in order to be executed every 
time windows loads:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
kernel32 = c:\windows\system\kern32.exe

It sends information from infected computers to the email address: 
ld8dl1@mailandnews.com



regards Joe
 .
.
 .
.

US Video Center Medien GmbH
Heimsheimer Str 22
70499 Stuttgart

Tel 0711 880252 0
Fax 0711 880252 22
Email joachim.richter@usvideocenter.de


_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users