THIS IS A TEXT-ONLY EXCERPT FROM: http://vil.mcafee.com/dispVirus.asp?virus_k=99069& Please visit that link for a full description of the BadTrans virus. WINDOWS 95/98/ME Restart Windows in Safe Mode (reboot your computer, just before the large WINDOWS startup screen comes up, hit the F5 key). You can recognize that you're in Safe Mode by the text Safe Mode in the 4 corners of the desktop. Click START | RUN, type %WINDIR% and hit ENTER Delete the INETD.EXE file (if present) Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER Delete the following files (if they exist): KERN32.EXE KERNEL32.EXE KDLL.DLL HKSDLL.DLL Click START | RUN, type REGEDIT and hit ENTER Click the (+) next to HKEY_LOCAL_MACHINE Click the (+) next to SOFTWARE Click the (+) next to MICROSOFT Click the (+) next to WINDOWS Click the (+) next to CURRENTVERSION Click RUNONCE Click on KERNEL32 on the right and hit DELETE on the keyboard Restart the computer WINDOWS NT/2000/XP Type CTRL-ALT-DEL at the same time Choose TASK MANAGER and then choose the PROCESS tab Locate the KERNEL32.EXE process, click it, and choose END PROCESS Click START | RUN, type %WINDIR% and hit ENTER Delete the INETD.EXE file (if present) Click START | RUN, type %WINDIR%\SYSTEM32 and hit ENTER Delete the following files (if they exist): KERN32.EXE KERNEL32.EXE KDLL.DLL HKSDLL.DLL Click START | RUN, type REGEDIT and hit ENTER Click the (+) next to HKEY_CURRENT_USER Click the (+) next to SOFTWARE Click the (+) next to MICROSOFT Click the (+) next to WINDOWS NT Click the (+) next to WINDOWS If INETD.EXE is found on the right panel, Double Click on RUN on the right and delete the INETD.EXE value Additional Windows ME Info: NOTE: Windows ME utilizes a backup utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. These instructions explain how to remove the infected files from the C:\_Restore folder. Disabling the Restore Utility 1. Right click the My Computer icon on the Desktop. 2. Click on the Performance Tab. 3. Click on the File System button. 4. Click on the Troubleshooting Tab. 5. Put a check mark next to "Disable System Restore". 6. Click the Apply button. 7. Click the Close button. 8. Click the Close button again. 9. You will be prompted to restart the computer. Click Yes. NOTE: The Restore Utility will now be disabled. 10. Restart the computer in Safe Mode. 11. Run a scan with VirusScan to delete all infected files, or browse the the file's located in the C:\_Restore folder and remove the file's. 12. After removing the desired files, restart the computer normally. NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove the check mark next to "Disable System Restore". The infected file's are removed and the System Restore is once again active.