Warning - PC Virus

[Jodee]

Carrie/Justine/Rachel/everyone, you may or may not be aware of a pc virus that is doing the rounds. I am mentioning it here as my problem seems to have started when I received what I thought was a reply to an old email I sent to the Mumsnet team, with an attachment. I tried to click on the attachment to open it and it was blank. So if you get an odd email, which may appear to come from a friendly source, starting 'Re: XXXX' with an attachment, DO NOT open it, delete straight away. The virus then sends similar emails to everyone in your addressbook.
My DH has been attempting since yesterday night to sort this problem and we are still working on it.

I get this sort of thing regulary, I think the last one was from Angie and Mike re Yoga! The best way to spot them is if they have attachments. Just delete anything you do not recognise as friendly.

I've had 3 virus messages in the last two days. They are a bit of a pain but www.symantec.com has a good virus checker that will help identify what has been infected and what with. I believe there are other websites that do the same. I now update my virus software each week. Although my virus checker has picked up all 3 messages before they did any harm I never open attachments unless I know the person sending it.

I too had one sent to me re Mumsnet with an a attachment. I thought it strange to be receiving something without notification so deleted it. I have run a virus check, firewall etc and my machine is clean. There seem to be a lot of viruses (virii?!) around, also on UKP. Everyone please update even after the weekend as new virus are in circulation

Another good anti-virus checker is Grisoft.com Download it for free from the internet. I got 3 viruses in the summer which completely wiped out my pc. The trouble with the one's that infect other people's address books is that you may well open the attachment since you may be half-expecting one from that person.

Help!!!! I've opened it from you Jodee, what happens now??? I'm really scared this isn't my computer, please help......

I opened one from Rachel on the Mumsnet team with attachments! I shall now email everyone I know to tell them not to open anything strange from me. How do you know if you've been affected by this? My computer seems fine enough.

Does anyone know what it is called yet? My computer (or rather my dad's - eek!) has no virus protection on it so would like to remove it by downloading the right tool.I have checked with friends and it has been passed on to them through my address book. Sorry I'm really stressing about this, help please, Jodee? Anyone?

Hi, The virus that is doing the rounds at the moment is called W32.Badtrans.B. There is a page that describes it here

The latest versions of Norton AntiVirus, Sophos, McAfee and the other virus checkers can clean this virus from your PC if you suspect you might have it.

There's more on it here too. You should take steps to get rid of it if you think you may have it as it opens up your computer to control from outside, and also attempts to steal your passwords.

I got it from mumsnet too - bought Norton anti-virus (which I should have had anyway) and then checked the website for details of how to get rid of it. Its gone now, hurrah. But not before it sent itself to everyone in my address book as well as lots of completely randome people....

I also received an e-mail from Rachel@mumsnet which contained the virus. We had only updated our Norton virus protection on Friday, and it apparently was picked up by them on Saturday morning. Just our luck - it took 3 hrs to sort out!

Lizzer - find www.grisoft.com and download their anti-virus stuff. It's free and, so far, is keeping my pc safe despite getting a virus about 6 weeks ago. Don't open any unexpected attachments. I only know from bitter experience.

Have just logged onto grisoft.com and am downloading the anti-virus software as we speak, but it will take an hour to do the first part of the download! This'll cost a bomb!

My email was from Rachel@Mumsnet titled Moderators and had two attachments called SEARCHURL and text5, both of which I opened in my bewilderment at getting an email from one of the Mumsnet team. I still have this email, can anyone tell me what to do with it? Should I send it to anyone who might be able to trace the sender?

Also, I'm still not sure if I'm infected with the virus as my computer is running fine and no-one from my address book has mailed me to say they have received such an email from me. It's just that this download is going to take forever and although it says it is free, it will cost a packet on my phone bill, which is not what you need just before Christmas!

message withdrawn

Lots of Baby World members have had this virus too, myself included. Fortunately Norton anti-virus was able to stop it from doing any damage.
Funny though how members of two parenting sites have been affected.

Robinw, I have people at the Home Office and the Dept of Health, plus a couple at universities, in my address book - does this mean that if one does slip through I won't have to worry so much? It'll still be in my computer, won't it?

Thanks for that tip, Robinw. My son is in the Civil Service - I'll just bombard him with emails every day, now!

Lizzer, so sorry your computer got stuffed up, what a pain.
If you think your pc is 'clean', you may want to double check just to be on the safe side. If you follow the following route:
Click on Start; Run; type in 'regedit' [without the quotes] ; click on hkeylocalmachine; software; microsoft; windows; current version; run once. At this point, you have a window on the rh side. If 'kernel32.exe' is present, then you have the virus. Right click the mouse to give you an option to delete.
If this doesn't resolve the problem and you have the Norton anti-virus software, you can click on the live updates link and you can download the software to remove the virus.
We didn't have the Norton anti-virus set up and had to buy it.

Once you have received most viruses - if you open the attachment to the message, the computer is affected. Unfortunately, with this particular virus, previewing the message can be enough unless you have a recently fixed version of Microsoft Outlook / Outlook Express installed. If you are running a Windows machine with windows 98 or 2000 on it, you should have a "windows update" icon on your start menu. If you click this, you go to a microsoft website. Click on "Product updates". This should then give you a list of available updates. You should check this periodically, and install anything that Microsoft labels as a "critical update". This is where they put their security patches that close the loopholes that viruses like this exploit.

Unfortunately, once you have the virus on your machine, doing this isn't enough - you need to get an antivirus program and install it to clean the existing infection - or follow the manual removal instructions that are posted on various websites. This last option is not for the faint-hearted though, as it can get tricky.

Also, although it's not necessary to open an attachment in this case, you should be very wary of opening any attachment that ends in one of .exe, .pif, .scr and so on. Some viruses will send an attachment called something.doc.pif hoping you will see the .doc and assume it's a word document whereas in fact it's an executable program file. I'd recommend not ever directly opening attachments, unless you are absolutely sure that you know what it is and that you were expecting it.

Also, this particular virus does something slightly tricky. If you look at the "from" line in the message, it might say "Joe Bloggs", who you know as "[email protected]" for example. However, if you look at the return email address, it will likely be "[email protected]" - in Outlook click on the from line in the message, right click and choose "properties" to display the underlying email address. So even if you or the anti-virus measure at some company responds saying a message is suspect, or got rejected by a virus filter, the inadvertent sender might not see the response and realise something was wrong.

This seems to have been a fairly major problem in the UK over the last couple of days. The BBC are reporting it now too - here. There is also a fairly technical explanation of it at messagelabs, which is one of the services corporations use to scan their incoming email.

message withdrawn

message withdrawn

Thankyou for all your help, I really wish my Brother was about at the mo as he is computer wiz and would sort it out for me, but alas he is a hundreds of miles away and my frantic phone calls are just stressing him out

I guess I will have to sort it myself, about time I learnt something about the thing I spend an awful lot of time sitting in front of nowadays...

Jodee, have done what you said. It was there ('kernel...') so deleted it. Do you know what I need to do now? I haven't got any anti virus stuff on the pc at all. It doesn't yet appear to have done anything 'bad', but I'm really concerned about the passwords thing - its not like we do any business on the computer and my banking is hardly worth nicking - being that it is max overdrawn at all times!

I am so sorry for being a pain in the bum about this but I was so angry at myself yesterday for opening it when I KNEW it looked as suspicious as hell, oh why am I such a fool...??!! (Don't need an answer for that incase you were wondering!)

After this I swear I'll never even open another email before triple checking it

If its any consolation Lizzer it doesn't make much difference if you open the latest one or not - one you've clicked on the message that's enough. Its worth using the virus checker at symantec.com to check if anything else if infected. Clear as many files off your machine as possible first as it can take a lot longer than the 20 minutes it says. It would be best to change any password that is connected with a financial site.

Hi Robinw,
We use the latest version of Norton Antivirus, and it's set up to do live updates of virus definitions. However, a problem on Rachel's computer prevented the most recent update from "taking", so the virus slipped through. By the way, we don't maintain a central address book. Our membership records are on a secure Unix server that is not accessible to anyone's email or any user, so it wasn't compromised at any time. The people who appear to have got messages from Rachel are people she had corresponded with personally about competition prizes and so on.

Regards,
Steven