[ale] Virus alert, possibly from me...

Steven A. DuChene linux-clusters at mindspring.com
Fri Nov 30 00:47:26 EST 2001


Dude:
This is a Linux user's mailing list. Linux "USERS" don't get viruses. :-)

On Thu, Nov 29, 2001 at 11:52:39PM -0500, Matt Shade wrote:
> Hi folks,
> I hate having to send this out, but it's possible I might have passed along a virus.....
> 
> I received an email today at 6:35 PM EST with a single attachment IMAGE.DOC.pif.   Since I knew the sender, and the subject was actually something discussed recently (Re: Re: Re: [HP3000-L] OT:What's a slide rule...), I stupidly opened the attachment. Of course, nothing visible was there. However, about 2 minutes later I received "Mail Delivery Failed" for an email my computer was trying to send. I immediately recognized it as a virus and disconnected the phone line. I found 4 brand new files in my \winnt\system32 folder - KERNEL32.exe, kdll.dll, protocol.dll, and cp_25389.nls. I found the KERNEL.EXE running in Task Manager, killed the process, and was able to delete all 4 files. After rebooting, I checked the CERT site and found that this is the "W32/BadTrans worm" and applied the patch for it. 
> 
> If you've received anything from me today, please don't open any attachments. I'm clean now, but I do know that I was infected earlier this evening.
> 
> http://www.cert.org/incident_notes/IN-2001-14.html
> 
> matt shade
> www.threekay.com
> 
> 

-- 
Steven A. DuChene      linux-clusters at mindspring.com
                      sduchene at mindspring.com

        http://www.mindspring.com/~sduchene/

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.





