Neteller has infected email system

Discussion in 'Credit Talk' started by breeze, Jun 3, 2001.

  1. breeze

    breeze Well-Known Member

    I was trying out their site, wrote to CS, got badtrans32@MM for an answer!!

    Hmmm...not sure I want to do business at a commercial site that let their email get infected. I mean, you have to be really dumb to open the file without scanning it first. Wonder what else they do dumb?

    breeze
     
  2. breeze

    breeze Well-Known Member

    Would one of you tech folks tell me if that w32/BadTrans trojan can steal the financial information on that site?? Seriously, they have my bank acct number stored there.

    Thanks,

    breeze
    serenitybreeze@yahoo.com
     
  3. GEORGE

    GEORGE Well-Known Member

    I'M NO COMPUTER EXPERT...but what I have heard is an E-MAIL virus seeks to find all your E-MAIL addresses you have on your computer, and sends the infected stuff to everyone you know...I think it is addressed with your name on it...
     
  4. breeze

    breeze Well-Known Member

    This one steals information from the system it is infecting. It didn't get me - I didn't open the file.

    breeze
     
  5. Nave

    Nave Well-Known Member

    Breeze,
    Someone on their end must have the virus and edited or created the document you requested (or the default CS response doc). This virus can steal or leech info (IP address and password etc) and will send it back to the author. I would notify the company that they have a problem which may be serious. It is a good thing you did not open the document.

    Here is information from McAfee.com:
    W32/BadTrans@MM

    -Dave

    Snippet
    Once running, the trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords.
     
  6. breeze

    breeze Well-Known Member

    Thanks Nave. Yeah, it looks like it's on one of the workstations - return address was csr2.

    I emailed their admin, and the contact for telus - tac.net.

    I had the stupid thing a few weeks ago - I got it the day after it came out - in an email from someone I know, of course. :) It was so new, I hadn't updated my virus software. I updated, of course, when I discovered what it was, but that kern32 thingy, I had to delete in DOS mode.

    I don't have Outlook set up with an email server, so I don't think it could do its thing.

    These guys are running NT servers (I got DaveLV on yahoo a few minutes ago). I think he's right when he says not to deal with them. Their security is pretty lax if they haven't updated their virus software since April.

    I just want to get my info off their site!!

    I will call them tomorrow and tell them to delete it all - they don't have any way for a customer to delete info, or it would be gone already.

    breeze
     
  7. bbauer

    bbauer Banned

    Breeze

    I just checked and I have a kernel32.dll and two other files named kernel32.dl_. Those last two are just files that have not been expanded into the full .dll files, of course, but are those files connected to the virus or are they for something else?

    In other words, given those 3 files, is it likely that I have the virus or not?

    I only used the find files in windows to search, but I have a dos program named sfind.com or .exe that finds even hidden directories and files as well as an old, old DS program that finds and deletes stuff that can't be deleted by anything else. When I get down to the rough ones, I use 4dos to do the deletions because it's a lot more capable than standard dos. 4dos will change the attributes on hidden files and directories and delete the changed files and then change the attributes on hidden directories and rd those too then show the tree in graphical format so you can see if you got them all or not, all in one fell swoop.

    Also, 4dos can stack commands endlessly out to 500+ characters long, so you can do an awful lot with one command, then recall that command with the up or down arrow keys and do it again and again, and you sure can't do that in regular dos.
     
  8. breeze

    breeze Well-Known Member

    Bill, if you have been infected, and you use Norton or McAfee virus scanners, and they are up to date, they can find it but can't clean it.

    here is the info:
    http://vil.nai.com/vil/virusSummary.asp?virus_k=99069

    If you have it, follow the manual cleaning instructions. I could not delete the kern32.exe file because it was "in use by windows" - so had to reboot in DOS mode to delete it.

    The first symptom is people start asking you about an email attachment you sent them that they downloaded but couldn't open.

    breeze
     
  9. breeze

    breeze Well-Known Member

    Bill, kern32.dll is not the virus kern32. The virus is kern32.exe

    breeze
     
  10. bbauer

    bbauer Banned

    Thanks a lot, Breeze.

    I think I will wait till tonight just before I go to bed and drop to dos and load 4dos and do a

    global /I /h erase /y /s /f /v /w *.??_ command and let it clean off all those unexpanded files on my hard drives. Ought to give me quite a bit more room because there are probably lots of files out there with extensions of .dl_ or whatever that could free up quite a bit of drive space.

    Can you think of any good reasons why I should not do that?
     
  11. breeze

    breeze Well-Known Member

    None at all. My knowledge of DOS is as extensive as my knowledge of Chinese law. :D

    breeze
     
  12. breeze

    breeze Well-Known Member

    Bill, I had to look up how to delete something in DOS. It's been a long time, and I never knew very much anyway.

    I was on AOL when there was only DOS front-end software. Still have it, I think. It's on 2 floppy disks.

    breeze
     
  13. GEORGE

    GEORGE Well-Known Member

    DOS~~~~ISN'T THAT 2 IN SPANISH?

    :)
     
  14. breeze

    breeze Well-Known Member

    tee hee You silly!

    breeze
     
  15. Nave

    Nave Well-Known Member

    YES it's also "those" in Brooklyn-eese :)) (soma dees soma dos whateva yous want)
     
  16. bbauer

    bbauer Banned

    DOS on 2 floppies would have to be from back about DOS 3.0.
    The last version of DOS that came out was 6.22 and it was 5 floppies. Even then, it still could not compare with 4dos for ease of use and versatility.

    For instance, using 4dos, (not to be confused with DOS 4.0) if I really want to get after the deletion process, I will use:

    global /I /h attrib -ahrs *.* ^ global /I /h erase /f /w /x /y /z *.* ^ global /I /h rd *.* ^ tree

    4 separate commands all stacked one after the other. The first one changes all the file and directory attributes to read/write making all the hidden ones readable. Then the second command erases all of them and the 3rd command removes all the directories and the 4th command shows the directory tree so you can see if it really did get them all or not. It usually does not, so you may have to repeat the command several times in order to get the job completely done. When you get done with it, your hard drive is pretty well cleaned out except for the master boot record.

    Pretty neat.
     
  17. GEORGE

    GEORGE Well-Known Member

    ----------------------------------------------------
    (soma dees soma dos whateva yous want)
    ---------------------------------------------------

    THAT IS THE WAY I PICK OUT DONUTS FOR THE FRIDAY MORNING MEETING...
     
  18. breeze

    breeze Well-Known Member

    Bill

    I meant the AOL program is on 2 disks. Although I do remember DOS 3.0. It was on a Radio Shack computer that had no hard drive. Had to boot from a floppy. :)

    breeze
     
  19. breeze

    breeze Well-Known Member

    Donuts??? What meeting?? Can I come to your meeting, George? Please?

    breeze
     
  20. Nave

    Nave Well-Known Member

    Re: Neteller has DONUTS

    Whatever the meeting is about - I'm in...any cinnamon twists? See ya Friday.
     
