1. /
  2. Security Response/
  3. W32.Badtrans.B@mm


Risk Level 2: Low

November 24, 2001
February 13, 2007 11:37:49 AM
Also Known As:
I-Worm.BadtransII [KAV], Badtrans.B@mm [Norman], W32/Badtrans.B [Panda], WORM_BADTRANS.B [Trend], W32/Badtrans-B [Sophos], W32/Badtrans.B@mm [F-Secure], W32/BadTrans@MM [McAfee], Win32.Badtrans.29020 [CA], Worm/Badtrans.B [Vexira]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:

Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level of this worm from Category 3 to Category 2 as of May 5, 2003.

W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.

Antivirus Protection Dates

  • Initial Rapid Release version November 24, 2001
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version November 24, 2001
  • Latest Daily Certified version July 19, 2013 revision 002
  • Initial Weekly Certified release date November 24, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Medium
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Moderate


  • Damage Level: Low


  • Distribution Level: High
Writeup By: Peter Ferrie

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report