Badtrans virus menaces e-mail

As if feds did not have enough to worry about when it comes to hazardous mail, now a new virus is making opening e-mail dangerous.

A variant of an older virus is making the rounds this week, with more than 40,000 computers infected, according to computer security specialists. The new virus is called W32.Badtrans.B@mm. Its name means that it is a Windows 32-bit virus and that, when it installs, it generates an install error message based on a bad transmission of a file.

On PCs that do not have the latest security patches, the simple act of selecting the infected mail message, such as to delete the file, will instead cause the virus to run. Once running, the virus attempts to replicate itself by performing a mass mailing that replies to every unopened letter within an inbox.

The virus will also replicate and hide within the system directory as files named either KERN32.exe, KERNEL32.EXE, KDLL.DLL or HKSDLL.DLL. The presence of those files, together with e-mails sent back from companies and people to whom you never sent mail, indicates a Badtrans infection.

The virus also has an insidious purpose. It drops a Trojan horse into the system that scans for passwords, log-in names and credit card information, and then e-mails what it finds along with IP addresses back to the virus creator at one of about 15 addresses.

The Badtrans virus, once detected, is relatively easy to destroy. Badtrans can be destroyed manually by deleting the files noted above from MS-DOS. Updating the security patches on computers running Windows will prevent the virus from being initiated when an infected message is selected for deletion.
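A check for the file names listed above, as an added example that is not part of the original article or any vendor's tool. The directory locations in `default_system_dirs` are assumptions, and the demo uses a constructed temporary directory in place of a real system directory.

```python
import os
import tempfile
from pathlib import Path

# File names the article lists as Badtrans copies in the system directory.
# Stored lowercase; Windows file names are case-insensitive.
BADTRANS_NAMES = {"kern32.exe", "kernel32.exe", "kdll.dll", "hksdll.dll"}


def default_system_dirs():
    """Assumed locations: the System32 and System folders under the Windows root."""
    root = os.environ.get("SystemRoot") or os.environ.get("windir") or "C:/Windows"
    return [Path(root) / "System32", Path(root) / "System"]


def find_badtrans_files(directories):
    """Return paths whose full file name matches the article's list.

    The match is on name plus extension: the legitimate Windows library
    kernel32.dll shares a base name with KERNEL32.EXE and must not be flagged.
    """
    hits = []
    for directory in directories:
        directory = Path(directory)
        if not directory.is_dir():
            continue  # skip locations that do not exist on this machine
        for entry in directory.iterdir():
            if entry.is_file() and entry.name.lower() in BADTRANS_NAMES:
                hits.append(entry)
    return hits


def demo():
    """Constructed sample: a temp directory standing in for a system directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("Kernel32.dll", "KERNEL32.EXE", "kdll.dll", "notepad.exe"):
            (Path(tmp) / name).write_bytes(b"")  # empty placeholder files
        return [p.name for p in find_badtrans_files([tmp])]


if __name__ == "__main__":
    # Report only; removal is left to the operator or an updated antivirus tool.
    for path in find_badtrans_files(default_system_dirs()):
        print(f"possible Badtrans file: {path}")
```
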

The GCN Lab has tested antivirus programs from McAfee.com Corp. of Sunnyvale, Calif., Symantec Corp. of Cupertino and Trend Micro Inc. of Tokyo on infected computers. They all will kill the virus but need the latest updates to be effective.

The free Web virus scanner at www.housecall.antivirus.com can detect the presence of the virus, but may not be able to clean it without downloading the 30-day free trial version of PC-cillin, also from Trend Micro. McAfee and Symantec have detailed information about the virus at vil.mcafee.com/dispVirus.asp?virus_k=99069& and at securityresponse.symantec.com/avcenter/venc/data/pf/w32.badtrans.b@mm.html, respectively.

About the Author

John Breeden II is a freelance technology writer for GCN.
