Q-C Online support pages
Technical support article

About the "Bad Transmission" or "BadTrans" Worm



Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A

W32.Badtrans.@mm is the latest virus spreading through the Internet over E-mail using Outlook and Outlook Express. It is a MAPI worm that replies to all unread mails in your e-mail message folders, whether they are new or old. When it comes to you, the recipient, it will be from someone you know, most likely it will be a reply to a message you sent to them. The original verion had text of: "Take a look to the attachment". The latest version of this virus comes with no message body at all, only the attachment. Common file names for the attachments are listed below.

When the older verions of worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:



The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm also drops a file kern32.exe, which is a password-stealing Trojan, Troj/Keylog-C, into the Windows system directory and changes the registry key
\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
Both virus variations make it so that the Trojan runs at Windows startup. When the Trojan runs, it attempts to send user-confidential information such as passwords, operating system details and keyboard keys pressed to an attacker. The worm will attach itself to the e-mail, using several different file names. Most appear as if the file has multiple extensions, such as:

Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif

To remove this or any other virus, update your anti-virus software immediately and run a thorough scan of your machine. Your best defense against a virus is to always remember to never download any strange attachment, especially if you do not know who it is coming from. If you do not know what a specific attachment is, reply to the person who sent it to you and ask, do not download. Your second line of defense should be having, and running, an up to date Anti-Virus application. For more information on virus updates and anti-virus software, visit our Virus Information section.


Local events heading








  Today is Thursday, July 24, the 205th day of 2014. There are 160 days left in the year.

1864 -- 150 years ago: The Rev. R.J. Humphrey, once a clergyman in this city, was reported killed in a quarrel in New Orleans.
1889 -- 125 years ago: The Rock Island Citizens Improvement Association held a special meeting to consider the proposition of consolidating Rock Island and Moline.
1914 -- 100 years ago: The home of A. Freeman, 806 3rd Ave., was entered by a burglar while a circus parade was in progress and about $100 worth of jewelry and $5 in cash were taken.
1939 -- 75 years ago: The million dollar dredge, Rock Island, of the Rock Island district of United States engineers will be in this area this week to deepen the channel at the site of the new Rock Island-Davenport bridge.
1964 -- 50 years ago: The Argus "walked" to a 13-0 victory over American Container Corporation last night to clinch the championship of Rock Island's A Softball League at Northwest Douglas Park.
1989 -- 25 years ago: The Immediate Care Center emergency medical office at South Park Mall is moving back to United Medical Center on Sept. 1. After nearly six years in operation at the mall, Care Center employees are upset by UMC's decision. The center is used by 700 to 800 people each month.








(More History)