Rangenet FAQ

W32.Badtrans.B@mm Virus Information
Copyright Rangenet Support
Created 2001-12-08 14:13:27 (updated 2001-12-08 14:51:23)


Here is a brief overview of the virus:

- First Discovered: November 24, 2001

- The virus spreads by email. The message will appear to come directly from the individual whose machine has been infected.

- The most common form of this virus adds an underscore to the front of the sender's email address (for example, it will appear to come from "_user@rangenet.com"). This is presumably to prevent 'bounced' messages from reaching the infected user, and to prevent others from replying directly.

- This virus will go through the user's inbox and reply to any messages it can find, and will include the attachment. In all of the examples we've seen, the subject line appears to be a reply (Re:) to a previously sent email.

- This worm has the ability to record keystrokes (including passwords). For this reason, if you deal with sensitive information, you may wish to change any passwords you have typed in since your machine was infected.
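
The traits listed above can be checked mechanically on incoming mail. The following is an added example, not Rangenet's filter or Symantec's tool: a heuristic that flags a message only when all three traits from the overview appear together. The sample messages, the function names and the attachment name "placeholder.bin" are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def badtrans_traits(raw_message):
    """Return which traits from the overview a raw message shows."""
    msg = message_from_string(raw_message)
    traits = []
    _, addr = parseaddr(msg.get("From", ""))
    # Underscore in front of the sender address, e.g. "_user@rangenet.com".
    if "@" in addr and addr.startswith("_"):
        traits.append("underscore-sender")
    # Subject looks like a reply to an earlier message.
    if msg.get("Subject", "").strip().lower().startswith("re:"):
        traits.append("reply-subject")
    # Any MIME part that carries a filename counts as an attachment.
    if any(part.get_filename() for part in msg.walk()):
        traits.append("attachment")
    return traits

def is_suspect(raw_message):
    # Heuristic only: a real address may start with "_" and real replies
    # carry attachments, so all three traits are required together.
    return len(badtrans_traits(raw_message)) == 3

def sample(sender, attach):
    """Build a constructed test message (not a captured sample)."""
    head = f"From: {sender}\nTo: friend@example.com\nSubject: Re: lunch\n"
    if not attach:
        return head + "Content-Type: text/plain\n\nhello\n"
    return (head + 'MIME-Version: 1.0\n'
            'Content-Type: multipart/mixed; boundary="b1"\n\n'
            '--b1\nContent-Type: text/plain\n\nhello\n'
            '--b1\nContent-Type: application/octet-stream\n'
            'Content-Disposition: attachment; filename="placeholder.bin"\n'
            'Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n')

if __name__ == "__main__":
    for sender, attach in [('"User" <_user@rangenet.com>', True),
                           ("user@rangenet.com", True),
                           ("_user@rangenet.com", False)]:
        raw = sample(sender, attach)
        print(sender, badtrans_traits(raw), "SUSPECT" if is_suspect(raw) else "ok")
```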

Removal Tool:
A free removal tool is available for download from Symantec Corporation's website at the following address:

http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b%40mm.removal.tool.html

Rangenet (6:06 AM Monday Nov 18)