Miss Tracey Smiley?


Binoculars
30th Nov 2001, 17:42
Received an email in my Pprune inbox from a Miss Tracey Smiley, subject Re:, File size 42k. Knowing Pprune to be spam free (it says so!) and confident in my virus checker, I attempted to open the letter, only to get a URL as follows: cid:EA4DMGBP9p and a message that this page could not be opened.

I did a virus scan afterwards, though not on my whole C drive, and turned up nothing. Anybody got any ideas?

I've saved the message should the moderators be interested, though how I would forward it has got me beat. :)
cid:EA4DMGBP9p

cossack
30th Nov 2001, 19:36
Binoculars
See the thread on w32/badtrans/mm.
I had the same type of email from Andy Hughes.
Since I had already experienced the w32/badtrans/mm virus I just deleted it.
My Norton Anti-virus didn't spot it, but it did no harm.

Binoculars
1st Dec 2001, 15:38
Thanks Cossack. Always feel a dill starting a new thread on something that's got two pages devoted to it elsewhere, but if you don't check each thread you don't know.

:rolleyes:

TR4A
1st Dec 2001, 20:03
cossack

This is a new virus. Are your definitions up to date?

W32.Badtrans.B@mm
Discovered on: November 24, 2001
Last Updated on: November 29, 2001 at 05:04:14 PM PST
Due to the increased rate of submissions, Symantec Security Response has upgraded the threat level of this worm from level 3 to level 4 as of November 26, 2001.
W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.

cossack
2nd Dec 2001, 01:53
Defs were updated on my return from holiday on 29/11.
Said email was received yesterday.
Just downloaded another update though. :)

fobotcso
2nd Dec 2001, 15:38
TR4A, thanks for the "heads-up" on Kdll.dll. Sure enough, it was right there in C:\Windows\System, created at the time of the offending Virus download. However, it seemed not to have been modified afterwards.

Have suitably hidden it in case Windows wants it back for some reason.