Virus Badtrans
This is a worm that replies to all unread messages in your email message folders and drops a backdoor Trojan.
This Worm creates a copy of itself, INETD.EXE, in the Windows directory and then drops the files KERN32.EXE and CP_23421.NLS.
The next time that the computer is restarted, the worm waits for five minutes and then find all unread email messages and reply to all of them. The worm attaches itself to the message. The worm distributes its copy in several ways. It replies to incoming messages and sends emails with itself to the email address found in the “*.HT ” and “.ASP” files.
To execute itself on the next Windows startup, it creates the following registry entry that executes the KERNEL32.EXE file upon Windows startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\RunOnce\kernel32 = “kernel32.exe”
It also can add an entry "C:\%WINDIR%\INETD.EXE" under the RUN key of WIN.INI file. Where %WINDIR% is the Windows directory. It does this in order to execute at every Windows start up.
© Copyright 2000-2008 AnVir Software. All Rights Reserved.
