How To Fix Badtrans & Ethan Virus

Darrin McKeehen dmckeehen at HOTMAIL.COM
Tue Apr 17 10:52:02 EDT 2001


This was just sent to me by a friend.

I hope that it helps!

Peace,

Darrin
~~~~~~~~~~~~~~~~
If you received an email from Chris Imburgia with an attachment, and tried
to open the attachment (even if it reported an error!), then you most likely
have the following viruses:
W32.Badtrans.13312@mm
W97M.Ethan.B

The problem is, most virus programs DO NOT DETECT the W32.Badtrans virus! In
particular, I tried McAfee VirusScan, Computer Associates InoculateIT, and
Command Virus, and they reported my computer as clean, when I know for a
fact it was still infected (Outlook was still sending email worms to people
that emailed me).

The one product I found that detected both viruses is Norton AntiVirus. You
can run this virus scanner for free at
http://security.norton.com/default.asp?productid=sarc&langid=us&venid=sym

Since it is free, it will only report the viruses and won't fix them for
you. Write down the location of the infected files.

To get rid of the Ethan virus (which only infects Word documents), you can
either delete the infected documents (and then don't forget to empty the
Recycle bin!), or get InoculateIT from http://antivirus.ca.com/ which will
disinfect the documents. However, that program won't detect or fix the
W32.Badtrans virus.

To get rid of the W32.Badtrans virus on a Win2k system, you need to do the
following. Restart your computer. Hold F8 while Windows is starting up.
Select "boot in safe mode". After it has booted, open a command prompt and
delete the following files:

The file C:\WINNT\hkk32.exe is infected with W32.Badtrans.13312@mm

The file C:\WINNT\INETD.EXE is infected with W32.Badtrans.13312@mm

The file C:\WINNT\system32\hksdll.dll is infected with W32.Badtrans.13312@mm

The file C:\WINNT\system32\KERN32.EXE is infected with W32.Badtrans.13312@mm

The virus also leaves some entries in your registry. This will cause Windows
to report an error when you start up, because it can't find the files you
just deleted. Here's how to fix your registry:

Go to Start->Run and type regedit.
Choose Edit->Find and look for "kern32.exe". Delete all occurrences of the
file.

Choose Edit->Find and look for "inetd.exe". Delete all occurrences of the
file.

Restart your computer, and everything should be nice and clean.

James
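
Added example, not part of the forwarded message: the registry step above can be double-checked by scanning a saved registry export for the two file names, including string values that the export stores as hex and that a plain text search of the file would miss. It assumes a "Windows Registry Editor Version 5.00" export; the function names and the key and value names in the sample are constructed.

```python
import re

# File names the message above says to search the registry for.
NAMES = ("kern32.exe", "inetd.exe")

def load_export(path):
    # Assumption: a "Windows Registry Editor Version 5.00" export (UTF-16 with BOM).
    with open(path, encoding="utf-16") as fh:
        return fh.read()

def _decode(data):
    if data.startswith('"'):                      # REG_SZ: undo \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    m = re.match(r"hex\((?:1|2|7)\):(.*)", data)  # string types stored as hex
    if not m:
        return data                               # dword, binary, etc.
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    return raw.decode("utf-16-le", "replace").rstrip("\x00").replace("\x00", " ")

def scan_reg_export(text, names=NAMES):
    """Return (key, value name, data) for each value that mentions one of names."""
    hits, key = [], None
    text = re.sub(r"\\\r?\n\s*", "", text)        # join hex continuation lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key is not None:
            data = _decode(m.group(2))
            if any(n in data.lower() for n in names):
                hits.append((key, m.group(1).strip('"'), data))
    return hits

# Constructed sample export; the key and value names are invented for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup]
"Updater"="C:\\Program Files\\Example\\update.exe"
"Constructed1"="C:\\WINNT\\system32\\KERN32.EXE"

[HKEY_CURRENT_USER\Software\Example]
"Constructed2"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,49,00,4e,\
  00,45,00,54,00,44,00,2e,00,45,00,58,00,45,00,00,00
'''

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE):
        print(f"[{key}] {name} = {data}")
```

An empty result on an export taken after the cleanup means no value still points at either file.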