Virus

This isn't just a matter of gardening communities, that's for sure. Symantec (Norton AV) has rated it a 4 because there have been so many thousands of reports of it and it has spread so rapidly.

Yes, Azalea, it sounds like the virus. You may have opened the attachments without knowing it -- go to http://www.sarc.com and download the free trial if you don't have any anti-virus software.

The reason the e-mail came back was, this virus "munges" the sender's e-mail address, adding an extra character so it is invalid. If you want to e-mail Busybee, do it from your own addressbook or from DG and you should be fine.

This W32.badtrans.b@mm virus logs the user's keystrokes on infected computers, too, so you need to change your password at any websites where you've had to enter your password each time you visit. It's possible your credit card information has been compromised if you have typed your card number and expiration date into any forms, too. It might not be a bad idea to get new cards just to be safe.

I did email her via Dave's, but have had no reply. I do have Mcafee and Zone alarm. I update the Mcafee whenever it says, a couple of times a week, today it said I was up to date - so how can it get through?? I now that all checkers do not catch all viruses tho, so will go the the link you suggested. Thanks

On IPE, I clicked "check all files" and it checks my emails now. I didn't have that activated before, which allowed it to get thru.

GW, if I didn't open any of the files, do I need to change my passwords???

I just heard on the news that this virus doesn't have to be opened to infect a system. That's a new one to me - it must have a script that's activated as soon as it get into Outlook?

tiG, I think the best thing would be to scan your hard drive (include all files) just to be sure. If you are not infected, you're okay. It doesn't hurt to periodically change your passwords, anyway.

About passwords - something I learned that really set my teeth on edge. Hackers try to access peoples' accounts by using scripts which try numeric sequences as well as all the words in a dictionary database until it finds a match in the password. This can be avoided if you use passwords which combine letters and numbers, i.e. 8xyz6 or something like that.

A hacker isn't likely to do this with Dave's Garden, but if you do online banking or other financial transactions, you might want to change those.

Today when I got the infected e-mail it wasn't until I highlighted it to open it that I got the virus warning from Norton and it was then put into isolation since it could'nt be repaired. What I need to know is: If you get lots of e-mails and one looks suspicious how do you delete it without highlighting it?To delete e-mail I usually highlight it and then delete.

Cala,where is the IPE,need to know??? Sis'

Oh goodness I have had this all day today. I think I sent it to some DG Members to. Not on purpose. I scanned all my files and updated Norton. I do use Outlook. What are other good e-mail programs????????

Snowhermit - Are you using Outlook or Outlook Express? If so, switch to another e-mail program! In all honesty, it's the only way to avoid future grief.

ZDNet has an excellent article on the Badtrans.B worm: what it does, how to ID it, how to fix it -- including info on a security patch for Internet Explorer. There's a vulnerability in IE 5.1 and 5.5 that this worm exploits.

See http://www.zdnet.com/zdnn/stories/news/0,4586,5099934,00.html?chkpt=zdnnp1tp02

kim i have 5 file infected and i have no idea how to get rid of it. i have mcaffee-HELP!!!!

Hey JJ,
I have a great, easy, no fail recipe for dumplings. They come out light and fluffy and taste wonderful!! E me if you want the recipe.
Michele

HELP HELP HELP!!!!!!

NotMartha
go to the link GW gave at the start (about 3 or 4 posts down from top) and click on it, it will tell you how to get rid of it. I used my virus protection to delete it after downloading the updates.

thank you'

Dori - I just saw your post! Sorry I didn't answer sooner. Go to http://www.sarc.com and follow the instructions they list for the W32.badtrans.b@mm virus. If you want McAfee's instructions, go to their main website at http://www.mcaffee.com and they should have a link for owners of their software concerning.

Regardless of which antivirs software you use, if you don't have the current engine and data files, I'd suggest you get them. These viruses are getting sneakier and sneakier! :-(

If anyone gets a message that SULFNBK.EXE is a virus, please ignore, it is a hoax. I passed on the warning to many gardening friends and then found out. Have e-mailed them how to fix it. As I do not know how to cut and paste instructions and you have cleaned your computer; e-mail me and I will forward the attachment to you. The best intentions..........

Marcia -- see if this helps on the cutting and pasting: http://davesgarden.com/journal/viewentry/10202/index.html

HTH!

:o) Kimberley

I have been getting the viruses also. I had a new Norton AntiVirus installed..FOR RED ROSE___I am so sorry if you have received an e-mail from me containing a virus but it was not of my doing. Please let me know if it happens again. I have done all thaat I know to do but it was not intentional.Please forgive.
Mary

Mary - yes, I got got it from you yesterday a.m., I do know it wasn't your fault - just glad I found it this quick. We spent the day scanning, found the 3 infected files, the 2 attachments and I suppose the original email. We could only delete 2 of them so we have put a lock on my email til it's fixed. Nothing can get in or out. We have copied all uninfected files to cd's to reinstall later after we get it reformatted. We are switching from Outlook to Incredimail so maybe this won't ever happen again. I think at this point the hacker's are only going after Outlook. I don't know if any went out from me or not. Going to "sent" items, I found none - but with some viruses they don't show up there. Mary please know, no one is blaming you! I am courious if you got my mail throuh Dave's since I didn't get a reply.

This message was edited Wednesday, Nov 28th 8:29 PM

I just received a e-mail from Tinkerbell and other business' Naturally I opened hers first and before I could finish reading her note,all of the new e-mails vanished before my eyes' I just now removed my addy from here on the preferences,so don't mail to me' Don't know what's going on,sorry' Sis'

Azalea, Yes I got it, and thanks so much.I haven`t had any more trouble since I had the new norton installed. I did get one fron joanJ and opened it because it was about xmas. Hopefully we have it under control. I sure felt like I was being attacked from RedRose but I hope she realizes this did not come from me.

I got rid of 4 of the 5 infected files so far!!!!

I'm sure none of us would purposly pass this thing on, It has a mind of it's own. The worst part is that you don't even have to open the attachments to get infected, not sure. It seems that if you do send an email, if you are infected, this "thing" will attach itself as a Pif or S?? and then it is passed on. I'll let the experts explain it.

Azalea how do you like Incredimail? I had it once and kind of liked it. But the pictures that you could add to the mail wouldn't show up in the emails unless that person had
Incredimail too so I went back to my old program but thats been along time ago I am sure its improved allot since then.I wondered how you like it I might try it again.

Mystic, dunno yet! Just tried a free sample of it today, it seemed to offer all the things outlook does. They do have an advanced version for $29. which may be better. My DH is the pro around here and he is tied up right now with his own computer, so it may be tomorrow when mine gets installed. I feel so isolated - thanks goodness for Dave's!

I have received a couple of different viruses in the past but this one acts differently.I have gotten three infected e-mails in the past two days.The one I got today was from a foreign name and the subject just said RE.I had to click on the e-mail before Norton picked it up and then Norton halted my computer so it would'nt spread.I put it in isolation since it could'nt be repaired.When I went to delete the e-mail another virus warning came up so I had to isolate again. When I went to delete them from the isolation area there were 6 viruses which means there were two viruses on each e-mail.Is this possible. I've never heard of it happening before. I did a full virus scan afterwards and all files and folders were clean on my computer.

From what I can understand, there are two attachments with each infected email. One that sends the virus on to everyone you have been emailing with, and another that opens a backdoor to enable your passwords etc. to become available. I don't know if I explained the second part very well. If someone else knows more about it, please explain it. That's the way I understand it anyway. It's a two-part deal.

Y'all -- there's no need to buy an e-mail program, honest. Check out Pegasus Mail for Windows. It is WONDERFUL and it is completely free. And the programmers have made it quite safe for e-mails - they're very security concious! There is even an e-mail support list for people to ask their questions, and the developers themselves often answer the e-mails. It has folders, addressbooks, distribution lists, graphics viewers...All the bells and whistles, without the critical flaws which make Outlook so vulnerable.

http://www.pmwin.com

To find out if you are infected with the Badtrans virus, Click on EXPLORE and look at c:/Windows/SYSTEM/ - Click on SYSTEM and then look for a file named Kernel.32.exe or kdll.dll - If you have either file YOU ARE INFECTED. Go to McAfee or Norton for instruction to get rid of it.
Virus infection is not always obvious. This one will attach to an email that you send out as well as send them on its own. You may also look at your SENT emails to see if a file is attached to your "Sent" email that you did not attach. This Virus will steal passwords and credit card #'s and send them to mailboxes of those who initiated this scheme. My DH wrote this - hope it helps.
This is especially a bad virus as we have been accustomed to trusting friends and not wary of opening attachments from them.

be very careful deleting files. Kernel32 is a standard windows file that you must have. Dont' just starting deleting files please. Note in Azaleas post, it's kernel.32.exe with an extra 'dot'. I don't know which files the virus has, but it's important that you know exactly what you're doing if you go deleting files. What she said about going to Norton or Mcafee is important.

I just did a complete search, it's gone!!! I talked to Earthlink support last night and he highly recommended Pegasus or Eudora as good email programs. Dave, he really likes Linux too!! He said once a person figured out how to use it, it was much better. He said no virus had ever been written for Linux, mostly because people have too much respect for it. (seems like no one has respect for Windows!!)

I got it again!!!!!! This thing is a pain in the butt!!!!!
I'm not sure how to get it out of my computer. I have mcafee and I followed the instructions but ther is 1 file that I can't get it out of!!!! I guess it's back to the drawling board!
sue

Sue
Is it in System Restore? If so you will have to disable it. Then you will have to use a start-up disk and reinstall windows.

sue i have 2 files left i cant seem to get rid of and oneis that one mentioned above that i need. I did a scan on my puter and found another one last night-looks like im calling mcafee today!

Ohoh tiG, I hope i did'nt delete something I should'nt have.I can't remember everything but I do remember it said doc. on some of them and I think they were in temperary file when I looked at them in the isolation box. Oh well I can still get DG and this is where I am all the time when not at DD house.

the kernel32 that you need won't be in temp files or anything like that. your computer wouldn't work without it:)

i did a seach for kernel.32. and it showed 0 files found. i then did one for kernel and it showed 1. it said it was an application and the date on it was 10/4/2000..last year sometimes.
i then did one for kdll and it once again said 0 files found. is it safe to say that im uninfected at this time?
jen

sounds like it Jen, but run a scan in case it's something else. There is another virus that hit recently too. Oh, and not all files will show, it depends on your settings. An uptodate online scan sounds to me like the best test right now.

Mine crashed yesterday and I don't even correspond with members through e-mail - don't know where it came from, but appears from the news of my master fixit man that I may have lost everything all photos, thousands of music and video - wish me luck