[ale] Virus alert, possibly from me...

[Geoffrey]

> Matt Shade wrote:
> 
> Hi folks,
> I hate having to send this out, but it's possible I might have passed
Wouldn't have happened if you'd been running Linux. :)

> along a virus.....
> 
> I received an email today at 6:35 PM EST with a single attachment
> IMAGE.DOC.pif.   Since I knew the sender, and the subject was actually
> something discussed recently (Re: Re: Re: [HP3000-L] OT:What's a slide
> rule...), I stupidly opened the attachment. Of course, nothing visible
> was there. However, about 2 minutes later I received "Mail Delivery
> Failed" for an email my computer was trying to send. I immediately
> recognized it as a virus and disconnected the phone line. I found 4
> brand new files in my \winnt\system32 folder - KERNEL32.exe, kdll.dll,
> protocol.dll, and cp_25389.nls. I found the KERNEL.EXE running in Task
> Manager, killed the process, and was able to delete all 4 files. After
> rebooting, I checked the CERT site and found that this is the
> "W32/BadTrans worm" and applied the patch for it.
> 
> If you've received anything form me today, please don't open any
> attachments. I'm clean now, but I do know that I was infected earlier
> this evening.
> 
> http://www.cert.org/incident_notes/IN-2001-14.html
> 
> matt shade
> www.threekay.com
> 
> 

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"...the system (Microsoft passport) carries significant risks to users
that
are not made adequately clear in the technical documentation available."
- David P. Kormann and Aviel D. Rubin, AT&T Labs - Research
- http://www.avirubin.com/passport.html

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.