New trojan and how to protect yourself


An extremely dangerous email worm is currently making its rounds through the Internet under the name 'BadTrans'. The emails are written in HTML, usually contain the tempting slogan 'Take a look to the attachment', and have either an empty subject or a subject consisting only of 'Re:'.

Possible attachment names are 'YOU_are_FAT! .TXT' or 'New_Napster_Site.DOC', and the attachment can have the ending .mp3, .doc, .pif, .scr or .zip. During the 'Installation' the popup 'Install error' appears with the content 'File data corrupt: probably due to a bad data transmission or bad disk access'.

In order to establish itself in the infected system, the worm copies itself to the Windows folder as 'INETD.EXE' and creates backdoors as 'KERN32.EXE', 'Kernel32.exe' or 'Kernel.exe'. It also installs a KeyLogger as 'HKSDLL.DLL' or 'KDLL.DLL' in the system folder. Entries in Win.ini and the registry load all components at startup.

The worm spreads by independently sending itself to the addresses of unanswered emails from Outlook. It sends the IP address of the infected computer to the author, giving him access to the Trojans and KeyLoggers.

The leading manufacturers of anti-virus software have already reacted; after an update, the engine should find 'BadTrans'. To remove the worm manually, you have to delete said files in DOS mode and remove the entries 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32 = kern32.exe' and 'HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows\RUN = %WinDir%\INETD.EXE' from the registry. (stands for space)
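The file names and the Win.ini autostart described above can be checked offline, for example on a mounted disk image. The following Python script is an added example, not part of the original article: the function names are hypothetical, the system folder is assumed to be a `System` subfolder of the Windows folder, and the registry entries are not examined.

```python
import re
import tempfile
from pathlib import Path

# File names as listed in the article; compared case-insensitively, as Windows does.
WORM_FILES = {"inetd.exe", "kern32.exe", "kernel32.exe", "kernel.exe",
              "hksdll.dll", "kdll.dll"}

def scan_windows_dir(windir, system_subdir="System"):
    """Return sorted findings for a Windows folder, e.g. on a mounted disk image."""
    windir, findings = Path(windir), []
    # Assumption: every name is looked for in both the Windows and the system folder.
    for folder in (windir, windir / system_subdir):
        if not folder.is_dir():
            continue
        for entry in folder.iterdir():
            if entry.is_file() and entry.name.lower() in WORM_FILES:
                findings.append("file: " + entry.relative_to(windir).as_posix())
            if entry.is_file() and entry.name.lower() == "win.ini" and folder == windir:
                findings += scan_win_ini(entry.read_text(errors="replace"))
    return sorted(findings)

def scan_win_ini(text):
    """Flag run=/load= values in the [windows] section that start a listed file."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            names = {re.split(r"[\\/]", tok)[-1].lower() for tok in re.split(r"[\s,]+", value)}
            if key.lower() in ("run", "load") and names & WORM_FILES:
                hits.append(f"win.ini: {key}={value}")
    return hits

def demo():
    """Scan a constructed sample tree (not taken from a real infection)."""
    with tempfile.TemporaryDirectory() as tmp:
        win = Path(tmp) / "WINDOWS"
        (win / "System").mkdir(parents=True)
        for name in ("INETD.EXE", "NOTEPAD.EXE", "System/KDLL.DLL", "System/KERNEL32.DLL"):
            (win / name).write_bytes(b"")
        (win / "WIN.INI").write_text("[windows]\nload=\nrun=%WinDir%\\INETD.EXE\n[fonts]\n")
        return scan_windows_dir(win)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The match is on the exact file name including the extension, so the legitimate `KERNEL32.DLL` in the sample tree is not reported while the worm's `Kernel32.exe` would be.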