Return-Path: <lancair.list-request@olsusa.com>
Received: from pop3.olsusa.com ([63.150.212.2] verified)
  by logan.com (CommuniGate Pro SMTP 3.4.5)
  with ESMTP id 782452 for rob@logan.com; Sun, 20 May 2001 11:00:44 -0400
Received: from c0mailgw13.prontomail.com ([216.163.180.10])
          by pop3.olsusa.com (Post.Office MTA v3.5.3 release 223
          ID# 0-71175U5500L550S0V35) with ESMTP id com
          for <lancair.list@olsusa.com>; Sun, 20 May 2001 03:06:53 -0400
Received: by c0mailgw13.prontomail.com (NPlex 5.1.050) id 3B03952A000AB7D7 for lancair.list@olsusa.com; Sun, 20 May 2001 00:11:24 -0700
Received: from 148.71.86.62 by SmtpServer for <colizoli@starband.net>; Sun, 20 May 2001 07:11:20 +0000
Message-ID: <004b01c0e0fc$8dbf9fa0$3e564794@w8s1x1>
From: "drjoe" <colizoli@starband.net>
To: <lancair.list@olsusa.com>
Subject: Fw: possible worm
Date: Sun, 20 May 2001 03:14:36 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailing-List: lancair.list@olsusa.com
Reply-To: lancair.list@olsusa.com

          <<<<<<<<<<<<<<<<--->>>>>>>>>>>>>>>>
          <<  Lancair Builders' Mail List  >>
          <<<<<<<<<<<<<<<<--->>>>>>>>>>>>>>>> 
>>
Seems I picked up the 'worm' today.  I swear I never open email attachments
but I still got it somehow. I'm lurking on the Lancair, Zenth and RV 
lists.The first thing I noticed this morning was that'drjoe' appeared under 
the'from' email column for each and every msg dealing with homebuilts.I 
started checking the 'properties' box for these emails and became totally
bewildered as to how I was being designated as the sender.  I started
checking other folders and found that the 'sent items' folder contained
emails for each email found in the 'inbox', in essence, each email I receive
was sent back to the poster with an ATTACHMENT!!!
Do Not Open 
that attachment, it contains the virus.
  I have been working on this virus most of the day with SystemSuite2000.
With updated files the virus is not detected by this program.There is 
a'Real Time Virus Scanner' in SS2000 that does detect the virus but can't 
clear it because it goes undetected in the main program.  SS2000 names this
virus TROJ_BADTRANS.A.  There are 2 files associated (AFAIK):
C:\windows\INETD.EXE and
and C:\windows\system\HKSDLL.DLL.
I have deleted the EXE file via DOS and a change to the win.ini file
but the DLL file keeps reappearing.
  After deleting the EXE file I emailed myself and the attachment is no
longer present.I decided to download email this evening to see if anyone had more
info on this virus and particularly on what it takes to remove the DLL file?
Also, the 'from' email column is back to normal so it seems I'm not
infectious any longer.
Sorry for any problems this has caused the groups.
Sincerly,,,,drjoe

----- Original Message -----
From: "dfs" <dfs@gateway.net>
To: "Lancair list" <lancair.list@olsusa.com>
Sent: Sunday, May 20, 2001 2:16 AM
Subject: possible worm

> Yep! Been getting this thing several times today. Thank goodness for
Norton!
> As far as I know, it has caught them all. It looks like somebody has caught
<SNIP>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
LML website:   http://www.olsusa.com/Users/Mkaye/maillist.html
LML Builders' Bookstore:   http://www.buildersbooks.com/lancair

Please send your photos and drawings to marvkaye@olsusa.com.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>