Q-C Online support pages
Technical support article
About the "Bad Transmission" or "BadTrans" Worm
Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
W32.Badtrans.@mm is the latest virus spreading through the Internet over E-mail using Outlook and Outlook Express. It is a MAPI worm that replies to all unread mails in your e-mail message folders, whether they are new or old. When it comes to you, the recipient, it will be from someone you know, most likely it will be a reply to a message you sent to them. The original verion had text of: "Take a look to the attachment". The latest version of this virus comes with no message body at all, only the attachment. Common file names for the attachments are listed below.
When the older verions of worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:
The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm also drops a file kern32.exe, which is a password-stealing Trojan, Troj/Keylog-C, into the Windows system directory and changes the registry key
Both virus variations make it so that the Trojan runs at Windows startup. When the Trojan runs, it attempts to send user-confidential information such as passwords, operating system details and keyboard keys pressed to an attacker.
The worm will attach itself to the e-mail, using several different file names. Most appear as if the file has multiple extensions, such as:
To remove this or any other virus, update your anti-virus software immediately and run a thorough scan of your machine. Your best defense against a virus is to always remember to never download any strange attachment, especially if you do not know who it is coming from. If you do not know what a specific attachment is, reply to the person who sent it to you and ask, do not download. Your second line of defense should be having, and running, an up to date Anti-Virus application. For more information on virus updates and anti-virus software, visit our Virus Information section.