Mailing List lml@lancaironline.net Message #9808
From: drjoe <colizoli@starband.net>
Subject: Fw: possible worm
Date: Sun, 20 May 2001 03:14:36 -0400
To: <lancair.list@olsusa.com>
         <<<<<<<<<<<<<<<<--->>>>>>>>>>>>>>>>
          <<  Lancair Builders' Mail List  >>
          <<<<<<<<<<<<<<<<--->>>>>>>>>>>>>>>>
Seems I picked up the 'worm' today.  I swear I never open email attachments
but I still got it somehow. I'm lurking on the Lancair, Zenith and RV
lists. The first thing I noticed this morning was that 'drjoe' appeared under
the 'from' email column for each and every msg dealing with homebuilts. I
started checking the 'properties' box for these emails and became totally
bewildered as to how I was being designated as the sender.  I started
checking other folders and found that the 'sent items' folder contained
emails for each email found in the 'inbox', in essence, each email I receive
was sent back to the poster with an ATTACHMENT!!!
Do Not Open that attachment, it contains the virus.
  I have been working on this virus most of the day with SystemSuite2000.
With updated files the virus is not detected by this program. There is
a 'Real Time Virus Scanner' in SS2000 that does detect the virus but can't
clear it because it goes undetected in the main program.  SS2000 names this
virus TROJ_BADTRANS.A.  There are 2 files associated (AFAIK):
C:\windows\INETD.EXE and
C:\windows\system\HKSDLL.DLL.
I have deleted the EXE file via DOS and a change to the win.ini file
but the DLL file keeps reappearing.
  After deleting the EXE file I emailed myself and the attachment is no
longer present. I decided to download email this evening to see if anyone had more
info on this virus and particularly on what it takes to remove the DLL file?
Also, the 'from' email column is back to normal so it seems I'm not
infectious any longer.
Sorry for any problems this has caused the groups.
Sincerely, drjoe

----- Original Message -----
From: "dfs" <dfs@gateway.net>
To: "Lancair list" <lancair.list@olsusa.com>
Sent: Sunday, May 20, 2001 2:16 AM
Subject: possible worm

> Yep! Been getting this thing several times today. Thank goodness for Norton!
> As far as I know, it has caught them all. It looks like somebody has caught
<SNIP>

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
LML website:   http://www.olsusa.com/Users/Mkaye/maillist.html
LML Builders' Bookstore:   http://www.buildersbooks.com/lancair

Please send your photos and drawings to marvkaye@olsusa.com.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>