Leave bad virus be

Variants of W32.Badtrans, an old 32-bit Microsoft Windows worm, infected tens of thousands of computers last month.

On PCs without the latest security patches, even selecting an infected Microsoft Outlook e-mail for deletion will activate the virus. Once running, the worm replicates by mass-mailing itself to the address on every unopened message in the Outlook inbox.

It hides in the system directory as files named kern32.exe, kernel32.exe, kdll.dll or hksdll.dll. It also drops a Trojan horse into infected systems to scan for passwords, log-in names and credit card information. It attempts to e-mail what it finds, along with IP addresses, back to the virus creator.

Badtrans can be removed manually by deleting the files named above. Applying current security patches keeps the worm from executing when its carrier e-mail is merely selected for deletion.
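A sweep for the four file names listed above, written as an added example and not taken from the article or from any vendor tool. It records a SHA-256 hash and size for each match so there is evidence on file before anything is deleted; the `System32` path and the helper names are assumptions of this example.

```python
import hashlib
import os
import tempfile

# File names the article says Badtrans uses in the Windows system directory.
BADTRANS_NAMES = {"kern32.exe", "kernel32.exe", "kdll.dll", "hksdll.dll"}


def find_badtrans_files(directory):
    """Return (path, sha256, size) for each file whose name matches the list.

    Windows file names are case-insensitive, so names are compared lowercased.
    Only exact names match: the legitimate kernel32.dll is never reported.
    """
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if entry.name.lower() not in BADTRANS_NAMES:
                continue
            digest = hashlib.sha256()
            with open(entry.path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            hits.append((entry.path, digest.hexdigest(), entry.stat().st_size))
    return sorted(hits)


def demo():
    """Run the sweep over a constructed directory (not real system files)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("KERNEL32.EXE", "kernel32.dll", "Kdll.dll", "notepad.exe"):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(b"constructed sample, not malware")
        return [os.path.basename(p) for p, _, _ in find_badtrans_files(tmp)]


if __name__ == "__main__":
    # Assumed location: %SystemRoot%\System32. Falls back to the demo elsewhere.
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    if os.path.isdir(system_dir):
        for path, sha256, size in find_badtrans_files(system_dir):
            print(f"{path}  sha256={sha256}  size={size}")
    else:
        print(demo())
```

A name match is only a lead: confirm it with an updated antivirus scan before deleting the file.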

The GCN Lab tested antivirus programs from McAfee.com Corp. of Sunnyvale, Calif., Symantec Corp. of Cupertino, Calif., and Trend Micro Inc. of Tokyo on Badtrans-infected computers. All the programs required the latest updates to be effective. A free Web virus scanner at www.housecall.antivirus.com can detect Badtrans but cannot clean it unless the user downloads a 30-day trial version of Trend Micro's PC-cillin.

Last week a similar worm called Goner began making the rounds. Less dangerous than Badtrans, Goner works only if a user runs an attached .exe file disguised as a screen saver.

About the Author

John Breeden II is a freelance technology writer for GCN.
