W32.Badtrans.B@mm Virus/ MAPI worm

November 29, 2001

The W32.Badtrans.B@mm virus is a MAPI worm comes via email with one of several attachment names and a combination of two appended extensions. It also installs a Trojan that logs the keystrokes on the infected on computer to catch passwords typed on the computer, then e-mails the passwords in the form of a text document. The worm spreads via an exploit in Outlook which allows the virus to execute without the user actually opening the file. It creates the file \Windows\System\Kdll.dll, which is used to log your keystrokes. Norton AntiVirus users should run LiveUpdate to make sure they are up to date. Updated Norton virus definitions will prevent infection.

Information on the security exploit and a preventive patch are availible at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.php External Link

More information on the virus and removal instructions are availible at:
http://www.sarc.com/avcenter/venc/data/w32.badtrans.b@mm.html External Link