Win32.Badtrans.B@mm Detection & Clean

A removal tool for the Badtrans virus

Win32.Badtrans.B@mm Detection & Clean Ranking & Summary


  • License: Freeware
  • Publisher Name: BitDefender LLC
  • Publisher web site: http://www.regnow.com/marketplace.cgi
  • Operating Systems: Windows All
  • File Size: 240 KB



Win32.Badtrans.B@mm Detection & Clean Description

Win32.Badtrans.B@mm Detection & Clean is a small utility that can help you get rid of the malware infection.

The virus comes in the following format:

From: the e-mail address of the infected sender, or one of the following e-mail addresses:

  • "Anna" aizzo@home.com
  • "JUDY" JUJUB271@AOL.COM
  • "Rita Tulliani" powerpuff@videotron.ca
  • "Tina" tina0828@yahoo.com
  • "Kelly Andersen" Gravity49@aol.com
  • " Andy" andy@hweb-media.com
  • "Linda" lgonzal@hotmail.com
  • "Mon S" spiderroll@hotmail.com
  • "Joanna" joanna@mail.utexas.edu
  • "JESSICA BENAVIDES" jessica@aol.com
  • "Administrator" administrator@border.net
  • "Admin" admin@gte.net
  • "Support" support@cyberramp.net
  • "Monika Prado" monika@telia.com
  • "Mary L. Adams" mary@c-com.net

Subject: Empty, or having the following content: RE:RE:

Body: Empty

Attachment: The name of the attachment is formed using one of the following words:

  • fun
  • Humor
  • docs
  • info
  • Sorry_about_yesterday
  • Me_nude
  • Card
  • SETUP
  • stuff
  • YOU_are_FAT!
  • HAMSTER
  • news_doc
  • New_Napster_Site
  • README
  • images
  • Pics

The extension of the attachment can be a combination of .MP3., .DOC. or .ZIP. with .scr or .pif, or just .scr or .pif.

The worm uses the IFRAME vulnerability, so on computers with Outlook Express it is executed just by previewing the message. Computers with the security patch will be infected only by executing the attachment.

After execution, the worm copies itself into the Windows %System% directory under the name kernel32.exe and drops kdll.dll at the same location. To ensure that it is executed at restart, it adds the following registry key: with value kernel32.exe.

It then deletes itself from the location where it was executed, gathers computer information (such as user name, computer name, RAS information, passwords and so on) and sends it to the following e-mail address: uckyjw@hotmail.com

The worm has two methods of getting e-mail addresses: it searches for them in *ht* and *.asp files in the Internet Cache directory, or it gets them with MAPI functions from e-mails received by the infected user. It will not send itself twice to the same address, because it keeps the already used e-mail addresses in %SYSTEM%\PROTOCOL.DLL.
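The attachment naming scheme described above can be checked at a mail gateway or during triage of a mailbox export. The following is an added example, not part of BitDefender's tool or of the original description; the function names, verdict labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Attachment base names listed in the description above (lower-cased).
BADTRANS_NAMES = {
    "fun", "humor", "docs", "info", "sorry_about_yesterday", "me_nude",
    "card", "setup", "stuff", "you_are_fat!", "hamster", "news_doc",
    "new_napster_site", "readme", "images", "pics",
}

# <base>[.MP3|.DOC|.ZIP].(scr|pif), matched case-insensitively.
_NAME_RE = re.compile(
    r"^(?P<base>.+?)(?:\.(?P<decoy>mp3|doc|zip))?\.(?P<exe>scr|pif)$",
    re.IGNORECASE,
)

def classify_attachment(filename):
    """Grade one attachment file name against the described naming scheme."""
    m = _NAME_RE.match(filename.strip())
    if m is None:
        return "no-match"              # does not end in .scr or .pif
    if m.group("base").lower() in BADTRANS_NAMES:
        return "badtrans-name"         # listed word plus described extension
    if m.group("decoy"):
        return "double-extension"      # decoy type in front of .scr/.pif
    return "executable-extension"      # plain .scr or .pif

def scan_message(raw):
    """Return (filename, verdict) for every named part of a raw message."""
    results = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            results.append((name, classify_attachment(name)))
    return results

# Constructed sample message (not a captured one): empty body, one attachment.
SAMPLE = (
    'From: "Example Sender" <sender@example.com>\nSubject: Re:\n'
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n\n"
    '--b1\nContent-Type: application/octet-stream; name="README.MP3.scr"\n'
    'Content-Disposition: attachment; filename="README.MP3.scr"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{name}: {verdict}")
```

A "badtrans-name" verdict is a file-name match only; the other two verdicts flag the same extension trick under names that are not on the list.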

