W32.Badtrans.gen - s3msong.MP3.pif

tasklist.org		A comprehensive list of processes running in your computer
		tasklist \| attachlist

bookmark this website!		total tasks: 16297

AttachList is a list of email attachment files that viruses usually send in email. It contains the attached file names, typical subjects and messages, the name of the viruses that send them, and instruction on how to remove these viruses.

most requested

Browse attachlist by file name:

| a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |

Name: W32.Badtrans.gen

Sender:

Varies.

Subject:

Varies.

Message:

Varies.

Attachment:

Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
Me_nude.AVI.pif
New_Napster_Site.DOC.scr
news_doc.scr
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif

Comments: A worm that replies to all unread mailsin your Email Message folders and drops a backdoor Trojan.

Symptoms:


 When the worm is executed, it drops the backdoor Trojan Hkk32.exe
into the Windows folder and executes it. It then copies itself into
the Windows folder as inetd.exe, adds a run= line to the Win.ini
file, and displays the following message: file data corrupt: probably
due to bad data transmission or bad disk access.

Recommended Cleanup Software: We found that Easy SpyRemover is the most effective tool for removing this file.

Manual Removal Instructions: Run LiveUpdate to make sure that you have the most recent virus definitions.
Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scanall files.
Delete any files detected as W32.Badtrans.gen@mm. What you do next depends on whether NAVwas able to delete files that it detected as infected with W32.Badtrans.gen@mm:
If NAV was able to delete all the files that it detected as infected, do one of the following:
If you are running Windows 95/98/Me, skip to the section To edit the Win.ini file.
If you are running Windows NT/2000 and NAV was able to delete all the infected files,you are finished.
If NAV was not able to delete all files that it detected as infected, go on to the next section and see theinstructions for your operating system.
To remove files that cannot be deleted by NAV:
Follow the instructions for your operating system only if NAV could not delete files thatit detected as infected with W32.Badtrans.gen@mm.
Windows 95/98/Me
Restart the computer in Safe Mode.
Run the scan again, and delete any files detected as W32.Badtrans.gen@mm.
When the scan is finished, skip to the section To edit the Win.ini file.
Windows NT/2000/XP
Press Ctrl+Alt+Delete one time.
Click Task Manager.
Click the Processes tab.
Click the "Image Name" column header two times to sort the processes alphabetically.
Scroll through the list and look for inetd.exe. If you find the file, click it and thenclick End Process.
Scroll through the list and look for Kern32.exe. If you find the file, click it and thenclick End Process.
Close the Task Manager.
Right-click the My Computer icon on the Windows desktop, and click Explore.
Do one of the following:
If you are running Windows NT, click the View menu and click Options.
If you are running Windows 2000/XP, click the Tools menu and click Folder Options.
Click the View tab.
Do one of the following:
If you are running Windows NT, click "Show all files," uncheck "Hide file extensions forknown file types," and then click OK.
If you are running Windows 2000/XP, click "Show hidden files and folders" and uncheck "Hide file extensions for known filetypes."
In the left pane of Windows Explorer, right-click drive C and then click Find (Windows NT)or Search (Windows 2000/XP).
In the In the "Named" or "Search for..." box, type--or copy and paste--the following file names:
inetd.exe kern32.exe hkk32.exe hksdll.dll
Click Find Now or Search Now.When the search is finished, write down the names and locations of the files thatare displayed.
Click the Edit menu, and click Select All.
Hold down the Shift key down, and press the Delete key. Continue to hold down the Shift keyuntil you are prompted to confirm the deletion. Click Yes.
Close Windows Explorer.
Go on to the section To edit the registry.
To edit the registry:
CAUTION: We strongly recommend that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to back up the Windows registry for instructions.
Click Start, and click Run. The Run dialog box appears.
Type regedit and then click OK. The Registry Editor opens.
Navigate to the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
In the right pane, delete the value
Kernel32 KERN32.EXE
Navigate to the key
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
In the right pane, delete the value
run \Inetd.exe
Exit the Registry Editor.
Restart the computer.
Run the scan again, and delete any files detected as W32.Badtrans.13312@mm. This completesthe removal procedure for users of Windows NT/2000.
To edit the Win.ini file:
If you are running Windows 95/98/Me, you must also do the following:
Click Start, and click Run.
Type the following and then click OK:
edit c:\windows\win.ini
NOTE: If you installed Windows in a different location, make the appropriate substitution.
In the [windows] section, locate the run= line. It will look similar to the following:
run=c:\windows\inetd.exe
Remove the text to the right of the = sign, so that the line now reads
run=
Save your changes, and exit the MS-DOS Editor.