W32.Badtrans.gen@mm
Aliases: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, I-Worm.Badtrans, WORM_BADTRANS.A
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Active and Spreading
Spreading: Fast
Geographical info: Europe, US, Asia
Removal: Easy
Platform: W32
Discovered: 11 Apr 2001
Damage: Medium
Characteristics: The W32.Badtrans.gen@mm worm is a MAPI (Messaging Application Programming Interface) worm that can reply to every unread message in a user’s email message folder. It is also known to install a backdoor Trojan on a compromised system.
W32.Badtrans.gen@mm Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Badtrans.gen@mm from your computer.
More details about W32.Badtrans.gen@mm
The W32.Badtrans.gen@mm worm spreads on Win32 systems. It sends e-mail messages with infected files attached. It also installs a Trojan component that spies on the compromised system to steal information.

The W32.Badtrans.gen@mm worm installs the Hkk32.exe backdoor Trojan in the C:\Windows folder and then runs it. It then copies its own code into the C:\Windows folder as the file inetd.exe and adds a run= line to the Win.ini file. It then shows a popup message with the title ‘Install Error’. The message says ‘File data corrupt: probably due to bad data transmission or bad disk access’. When the infected system is restarted, the malware waits for a few minutes and then uses MAPI to locate unread email messages and respond to them.

This virus allegedly has a multi-component structure that consists of two different components dropped on a disk as different files and run as stand-alone or exclusive programs (e-mail Worm and Trojan). The "Worm" routine is the main component. It keeps the "Trojan" program body in its code and installs it into the system while infecting a new machine.

The virus attaches itself to the email under one of the following filenames: Humor.TXT.pif, fun.pif, docs.scr, s3msong.MP3.pif, Sorry_about_yesterday.DOC.pif, Me_nude.AVI.pif, Card.pif, SETUP.pif, searchURL.scr, YOU_are_FAT!.TXT.pif, hamster.ZIP.scr, news_doc.scr, New_Napster_Site.DOC.scr, README.TXT.pif, images.pif, and Pics.ZIP.scr.

The W32.Badtrans.gen@mm worm component operates like the "I-Worm.ZippedFiles" (aka ExploreZip) worm, by using Windows MAPI functions. Through this, it gains access to the Inbox and replies to all unread messages.
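The indicators described above can be turned into two simple checks, one for a mail filter and one for a host triage script. This is an added example, not code from the original page or from any vendor tool. The function names and the sample Win.ini text are constructed, and it assumes the run= entry names one of the two dropped files (the page does not say which one the line points to).

```python
import re

# File names the page says the worm drops into C:\Windows.
DROPPED_FILES = {"hkk32.exe", "inetd.exe"}

# Attachment names listed on the page, compared case-insensitively.
ATTACHMENT_NAMES = {n.lower() for n in (
    "Humor.TXT.pif", "fun.pif", "docs.scr", "s3msong.MP3.pif",
    "Sorry_about_yesterday.DOC.pif", "Me_nude.AVI.pif", "Card.pif",
    "SETUP.pif", "searchURL.scr", "YOU_are_FAT!.TXT.pif", "hamster.ZIP.scr",
    "news_doc.scr", "New_Napster_Site.DOC.scr", "README.TXT.pif",
    "images.pif", "Pics.ZIP.scr")}

# Generalisation beyond the exact list: a document or media extension
# followed by an executable .pif/.scr extension, as in most listed names.
DOUBLE_EXT = re.compile(r"\.(txt|doc|mp3|avi|zip)\.(pif|scr)$", re.I)

def check_attachment(name):
    """Return 'listed', 'double-extension', or None for an attachment name."""
    base = name.strip().lower()
    if base in ATTACHMENT_NAMES:
        return "listed"
    if DOUBLE_EXT.search(base):
        return "double-extension"
    return None

def suspicious_run_entries(win_ini_text):
    """Return programs on the [windows] run= line that match a dropped file."""
    hits, section = [], ""
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if section != "windows" or not sep or key.strip().lower() != "run":
            continue
        # run= may hold several programs separated by spaces or commas.
        for prog in re.split(r"[,\s]+", value.strip()):
            if prog.rsplit("\\", 1)[-1].lower() in DROPPED_FILES:
                hits.append(prog)
    return hits

# Constructed sample of an infected Win.ini, for illustration only.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\INETD.EXE\n[fonts]\n"

if __name__ == "__main__":
    print(suspicious_run_entries(SAMPLE_WIN_INI))
    print(check_attachment("README.TXT.pif"), check_attachment("report.doc"))
```

A match on the file name alone is only a triage signal, since other software can legitimately use the name inetd.exe; confirm the file's location and contents before acting on it.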