W32/Badtrans.B@mm
| W32/Badtrans.B@mm |
Destructivity:  Spreading:  Overall risk: 
|
| • Detected by virus detection files published: 11/24/2001 | • Type: Worm |
| • Virus characteristics first published: 11/24/2001 | • Spreading mechanism: Email |
| • Virus characteristics latest update: 12/18/2003 | • Overall risk: Low |
| • Alias: | • Payload: Backdoor functionality |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
For users of NVC5: The worm will be detected and removed using def files from 25th Nov 2001 or later. The keylogger utility KDLL.DLL may be safely deleted. For users of NVC4: NVC4 does not have the possibility to delete files that are held open by the system. Therefore, removal of this worm is slightly more complicated than when using NVC5. When running on Windows NT, 2000 or XP: Find and stop the KERNEL32.EXE process using task manager. How to do this: Press Ctrl-Alt-Del. Press the "Task Manager" button. Select the "Processes" window. Find the KERNEL32.EXE process, select it and click on "End Process". Start NVC via "Start|Programs|Norman Virus Control|Norman Virus Control". Select your hard disk(s) and press "Start scan". When running on Windows 95/98: Boot to DOS and perform a scan using the DOS command line scanner supplied. You will normally find this in the \NORMAN\DOS directory. How to do this: Press "start" on the task bar Select "Shut down..."' Select "Restart the computer in DOS mode" When the computer has started with a DOS prompt: type cd \norman\dos type NVC32X /ALD /CL /U The scanner should now clean up the machine by itself. When running on Windows ME: Windows ME does not have the option to boot to DOS directly. However, this is perfectly possible, but you have to use the emergency startup diskette that normally is supplied with your PC. If you don't have an emergency diskette, make a new one by selecting "Start|Settings|Control Panel|Add/Remove Programs|Startup Disk|Create Disk" Once you have a startup diskette, insert it into the A: drive and restart. The rest of the procedure is identical to the one described for Win 95/98. The registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32 may be deleted manually using REGEDIT. However, since the RunOnce key normally is cleared after it's been referenced, it's normally enough to reboot twice to remove it. |
||||||||||||||