[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Virus alert, possibly from me...

Subject: [ale] Virus alert, possibly from me...
From: mshade at threekay.com (Matt Shade)
Date: Thu, 29 Nov 2001 23:52:39 -0500



Hi folks,
I hate having to send this out, but it's possible I might have passed along 
a virus.....
??
I received an email??today at 6:35 PM EST with a single 
attachment IMAGE.DOC.pif.???? Since I knew the sender, and the subject 
was actually something discussed recently (Re: Re: Re: [HP3000-L] OT:What's a 
slide rule...), I stupidly opened the attachment. Of course, nothing visible was 
there. However, about 2 minutes later I received "Mail Delivery Failed" for an 
email my computer was trying to send. I immediately recognized it as a virus and 
disconnected the phone line. I found 4 brand new files in my \winnt\system32 
folder - KERNEL32.exe, kdll.dll, protocol.dll, and cp_25389.nls. I found the 
KERNEL.EXE running in Task Manager, killed the process, and was able to delete 
all 4 files. After rebooting, I checked the CERT site and found that this is the 
"W32/BadTrans worm" and applied the patch for it. 
??
If you've received anything form me today, please don't open any 
attachments. I'm clean now, but I do know that I was infected earlier this 
evening.
??
<A 
href="http://www.cert.org/incident_notes/IN-2001-14.html";>http://www.cert.org/incident_notes/IN-2001-14.html
??
matt shade<A 
href="http://www.threekay.com";>www.threekay.com
??
??

Prev by Date: [ale] Linux and Sun
Next by Date: [ale] Bellsouth DSL modems....again
Previous by thread: [ale] Linux and Sun
Next by thread: [ale] Virus alert, possibly from me...
Index(es):
- Date
- Thread