How to Remove BadTrans - Delete BadTrans.a, BadTrans.b, INETD.EXE, KERN32.EXE, KERNEL32.EXE



	Spyware Doctor
	PestPatrol Anti-Spyware
	WinTasks 5 Pro
	McAfee VirusScan
	WebMail Spy
	Panda Antivirus + Firewall 2007
	BPS Adware and Spyware Remover
	X-Cleaner
	iSpyNOW
	Smart Protector Pro
	Anti-Keylogger CE
	BlazingTools Perfect Keylogger
	SpeedUpMyPC



	Anti-Keylogger
	Anti-Spam
	Anti-Virus
	Online Privacy
	PC Monitoring
	Personal Firewall
	Spyware Remover
	System Tool



	How to Detect and Remove eUniverse Hijacker
	How to Detect and Remove CoolWebSearch Hijacker
	How to Detect and Remove NetSky.P Worm Virus
	How to Detect and Remove MoneyTree Dialer
	How to Detect and Remove n-NASE Adware
	How to Detect and Remove Spector Keylogger
	How to Detect and Remove SDBot Backdoor
	How to Detect and Remove CnsMin Hijacker
	How to Detect and Remove Web_Rebates Adware
	How to Detect and Remove TV Media Display Adware

Home » Articles » Removal Instructions for Trojans » BadTrans

Removal Instructions for BadTrans

About BadTrans

Badtrans.a details:
This mass mailing worm attempts to send itself using Microsoft Outlook by replying to unread email messages. It also drops a remote access trojan

Badtrans.b details:
This mass mailing worm attempts to send itself using Microsoft Outlook by replying to unread and read email messages. It also mails itself to email addresses found within files that exist on your system. It drops a keylogging trojan into the SYSTEM directory as KDLL.DLL. This trojan logs keystrokes for the purpose of stealing personal information (such as credit card and bank account numbers and passwords). This information is later emailed to the virus author(s).

Removal Instructions

Automatic Removal:

BadTrans can be detected and removed Automatically by McAfee VirusScan.

Manual Removal:

Windows 95/98/ME

Restart Windows in Safe Mode (reboot your computer, just before the large WINDOWS startup screen comes up, hit the F5 key). You can recognize that you're in Safe Mode by the text Safe Mode in the 4 corners of the desktop.
Click START | RUN, type %WINDIR% and hit ENTER
Delete the INETD.EXE file (if present)
Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
Delete the following files (if they exist):
Click START | RUN, type REGEDIT and hit ENTER
Click the (+) next to HKEY_LOCAL_MACHINE
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS
Click the (+) next to CURRENTVERSION
Click RUNONCE
Click on KERNEL32 on the right and hit DELETE on the keyboard
Restart the computer

Windows NT/2000/XP

Type CTRL-ALT-DEL at the same time
Choose TASK MANAGER and then choose the PROCESS tab
Locate the KERNEL32.EXE process, click it, and choose END PROCESS
Click START | RUN, type %WINDIR% and hit ENTER
Delete the INETD.EXE file (if present)
Click START | RUN, type %WINDIR%\SYSTEM32 and hit ENTER
Delete the following files (if they exist):
Click START | RUN, type REGEDIT and hit ENTER
Click the (+) next to HKEY_CURRENT_USER
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS NT
Click the (+) next to WINDOWS
If INETD.EXE is found on the right panel, Double Click on RUN on the right and delete the INETD.EXE value