Badtrans virus menaces e-mail

As if feds did not have enough to worry about when it comes to hazardous mail, now a new virus is making opening e-mail dangerous.

A variant of an older virus is making the rounds this week, with more than 40,000 computers infected, according to computer security specialists. The new virus is called [email protected]. Its name means that it is a Windows 32-bit virus and, when it installs, it generates an install error message based on a bad transmission of a file.

On PCs that do not have the latest security patches, the simple act of selecting the infected mail message, such as to delete the file, will instead cause the virus to run. Once running, the virus attempts to replicate itself by performing a mass mailing that replies to every unopened letter within an inbox.

The virus will also replicate and hide within the system directory as files named either KERN32.exe, KERNEL32.EXE, KDLL.DLL or HKSDLL.DLL. The presence of those files, together with backsent e-mails from companies and people to whom you never sent mail, indicates a Badtrans infection.
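The file-name check described above can be scripted. The following is an added example, not code from GCN or any antivirus vendor; it only reports matches and does not delete anything, and the directory to scan and the sample files are assumptions constructed for illustration.

```python
import os
import sys
import tempfile

# File names the article lists as Badtrans copies in the system directory,
# stored lowercase so they can be compared case-insensitively.
BADTRANS_NAMES = {"kern32.exe", "kernel32.exe", "kdll.dll", "hksdll.dll"}


def find_badtrans_files(system_dir):
    """Return sorted paths in system_dir whose names match the article's list.

    Matching is case-insensitive because Windows file names are, and it is
    done on the whole name, so the legitimate kernel32.dll is not flagged.
    """
    hits = []
    with os.scandir(system_dir) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if entry.name.lower() in BADTRANS_NAMES:
                hits.append(entry.path)
    return sorted(hits)


def build_sample_dir():
    """Create a constructed directory of empty files standing in for a system directory."""
    root = tempfile.mkdtemp(prefix="sysdir_")
    for name in ("kernel32.dll", "Kern32.EXE", "HKSDLL.DLL", "notepad.exe"):
        open(os.path.join(root, name), "wb").close()
    return root


if __name__ == "__main__":
    # Pass the system directory as the first argument; with no argument the
    # script runs against the constructed sample directory.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for path in find_badtrans_files(target):
        print("possible Badtrans file:", path)
```

A match on name alone is only a lead; the article's second indicator, replies from people you never wrote to, and an updated antivirus scan are what confirm it.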

The virus also has an insidious purpose. It drops a Trojan horse into the system that scans for passwords, log-in names and credit card information, and then e-mails what it finds along with IP addresses back to the virus creator at one of about 15 addresses.

The Badtrans virus, once detected, is relatively easy to destroy. Deleting the files noted above from MS-DOS removes Badtrans manually. Updating the security patches on computers running Windows will prevent the virus from launching when an infected message is selected for deletion.

The GCN Lab has tested antivirus programs from Corp. of Sunnyvale, Calif., Symantec Corp. of Cupertino and Trend Micro Inc. of Tokyo on infected computers. They all will kill the virus but need the latest updates to be effective.

The free Web virus scanner at can detect the presence of the virus, but may not be able to clean it without downloading the 30-day free trial version of PC-cillin, also from Trend Micro. McAfee and Symantec have detailed information about the virus at and at[email protected], respectively.

About the Author

John Breeden II is a freelance technology writer for GCN.

