Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

Badtrans.b Worm

Information about badtrans.b worm:

                     BadTrans.B is modified variant of original BadTrans worm. This encrypted worm uses Windows address book to collect e-mail address. It also drops Trojan.PSW.Hooker.b in the victims PC. The virus author can steal username and password details using this password stealer.

                     I-worm/BadTrans.B arrives as an e-mail attachment. The attachments are embedded within the e-mail and it won't visible to the user. When the user views the attachment the embedded code is executed automatically and it drops the virus. Microsoft released security patches to close this security hole. If you haven't installed, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

The worm attachment name will be one of the following.

fun.pif
Card.pif
YOU_are_FAT!.TXT.pif
images.pif
Humor.TXT.pif
hamster.ZIP.scr
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
SETUP.pif
searchURL.scr
docs.scr
s3msong.MP3.pif
Sorry_about_yesterday.DOC.pif

                     The worm also decrypts and drops KERNEL32.EXE and KDLL.DLL in the Windows system folder. The password stealer is activated on next startup by adding the registry.

Remvoing Badtrans.b from your computer:

Fire has incorporated I-Worm/BadTrans.B in its signature file to protect Fire users from this worm attack. Fire anti-virus users can update this signature file by using online update facility. It is available with the registered version of Fire anti-virus Kit.

If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your Internet Explorer version. Then run registered version of Fire anti-virus and choose delete option to remove the worm components.

                   You can check the system manually. I-Worm/BadTrans.B worm creates the file "KERNEL32.EXE", "KDDLL.DLL" in the Windows system folder. The presence of these files ensures you are infected with this worm.

                     A free download of FireLite [ 1100KB] version is also available to detect I-Worm/BadTrans.B. Fire anti-virus kit removes I-Worm/BadTrans.B without problems. If you find this worm, use registered version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Ramesh, Mr. Stanley Rakesh, Prognet Technologies Pvt. Ltd, April. 2001]

Go to top of the page
.