It sends itself from an affected computer to all the senders of the e-mail messages marked as unread. It displays a false error message on screen when the infected file is run.

Windows XP/2000/NT/ME/98/95

Badtrans is a worm that reaches computers in a file with a PIF or SCR extension attached to an e-mail message, which appears to be a reply to a previously sent e-mail message. When the recipient opens the message and runs the attached file, the computer will be affected.

The danger of Badtrans lies in the following:

• It activates whenever the computer is started up.
• It has a high capacity to spread by camouflaging itself.

When Badtrans affects a computer, it replies to all the e-mail messages marked as unread. By doing this, it tricks the recipients into believing that they have received a reply to a message that they have sent.

The file that carries Badtrans avoids arousing suspicion by displaying a message that tricks the user into thinking that it is corrupt:

File data corrupt: probably due to bad data transmission or bad disk access.

A clear indication that you have received Badtrans is a reply to a previously sent message that includes an attachment with a PIF or SCR extension.

When the infected file is run, Badtrans displays an error message that informs the user that the file is corrupt. It displays this message in order to go unnoticed, as the file is not corrupt and carries out its infection.