www.security.vt.edu | computing.vt.edu
you are here: Anti-Virus Home > Virus Alerts > Badtrans.B Virus

W32.Badtrans.B@mm Virus/ MAPI worm

November 29, 2001


The W32.Badtrans.B@mm virus is a MAPI worm comes via email with one of several attachment names and a combination of two appended extensions. It also installs a Trojan that logs the keystrokes on the infected on computer to catch passwords typed on the computer, then e-mails the passwords in the form of a text document. The worm spreads via an exploit in Outlook which allows the virus to execute without the user actually opening the file. It creates the file \Windows\System\Kdll.dll, which is used to log your keystrokes. Norton AntiVirus users should run LiveUpdate to make sure they are up to date. Updated Norton virus definitions will prevent infection.

Information on the security exploit and a preventive patch are availible at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp External Link

More information on the virus and removal instructions are availible at:
http://www.sarc.com/avcenter/venc/data/w32.badtrans.b@mm.html External Link

 

last modified: 1/26/2004 11:25:26 AM Feedback | Privacy Statement | Acceptable Use Standard

©2001 Virginia Tech University Computing Support.