Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Badtrans

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread
Common name: Badtrans
Technical name: W32/Badtrans
Threat level: Low
Alias: Badtrans.A, I-Worm.BadTrans, Badtrans@MM, W32/Badtrans@MM
Type: Worm
Effects:  

It sends itself from an affected computer to all the senders of the e-mail messages marked as unread. It displays a false error message on screen when the infected file is run.

Affected platforms:

Windows XP/2000/NT/ME/98/95

Detection updated on: Nov. 13, 2002
Statistics: No
Yes, using TruPrevent Technologies
Repair utility: Panda QuickRemover
Family:Badtrans

Brief Description

Badtrans is a worm that reaches computers in a file with a PIF or SCR extension attached to an e-mail message, which appears to be a reply to a previously sent e-mail message. When the recipient opens the message and runs the attached file, the computer will be affected.

The danger of Badtrans lies in the following:

  • It activates whenever the computer is started up.
  • It has a high capacity to spread by camouflaging itself.

When Badtrans affects a computer, it replies to all the e-mail messages marked as unread. By doing this, it tricks the recipients into believing that they have received a reply to a message that they have sent.

The file that carries Badtrans avoids arousing suspicion by displaying a message that tricks the user into thinking that it is corrupt:

File data corrupt: probably due to bad data transmission or bad disk access.

Visible Symptoms

A clear indication that you have received Badtrans is a reply to a previously sent message that includes an attachment with a PIF or SCR extension.

When the infected file is run, Badtrans displays an error message that informs the user that the file is corrupt. The message is a decoy intended to let the infection go unnoticed: the file is not corrupt, and it carries out its infection.
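
The indicator described above (a reply carrying a PIF or SCR attachment) can be checked automatically at a mail gateway or during mailbox triage. The following is an added example, not Panda Security code; the function names, the verdict labels, the sample messages and the use of an In-Reply-To/References header or a "Re:" subject to recognise a reply are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

RISKY_EXTENSIONS = (".pif", ".scr")  # attachment types the entry names

def is_reply(msg):
    """Assumption: reply threading headers or a 'Re:' subject mark a reply."""
    if msg["In-Reply-To"] or msg["References"]:
        return True
    return (msg["Subject"] or "").strip().lower().startswith("re:")

def risky_attachments(msg):
    """Filenames whose final extension is PIF or SCR, in any letter case."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots and spaces, so strip them before matching.
        if name and name.lower().rstrip(". ").endswith(RISKY_EXTENSIONS):
            hits.append(name)
    return hits

def triage(raw_bytes):
    """Classify one raw RFC 5322 message against the entry's indicator."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names = risky_attachments(msg)
    if names and is_reply(msg):
        verdict = "reply-with-pif-scr"   # the pattern described above
    elif names:
        verdict = "pif-scr-attachment"   # risky even without reply markers
    else:
        verdict = "no-match"
    return verdict, names

def build_sample(subject, filename, in_reply_to=None):
    """Constructed test message; all names and addresses are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
    msg.set_content("constructed body")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Re: quarterly figures", "figures.doc.pif")))
```

Matching on the final extension also catches double extensions such as a name ending in .doc.pif, which Windows shows as a document when known extensions are hidden.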