[dshield] [Dshield] [Fwd: File on desktop with tilde character as filename]

R Shady RShady at stny.rr.com
Fri Jun 6 11:03:12 GMT 2003

You may want to follow this discussion at: 

Johannes B. Ullrich wrote:

>-----Forwarded Message-----
>From: Samuel <samuel at socal.rr.com>
>To: Dshield at Dshield. Org <dshield at dshield.org>
>Subject: File on desktop with tilde character as filename
>Date: 05 Jun 2003 19:03:22 -0700
>Several times I have received spontaneously a file on my Windows desktop
>that has a one-character filename of the tilde character ("~"). The contents
>is binary but when I look at it I can see that it contains email addresses
>from my address book. The first time (on Friday, May 02) I saw it I zipped
>it into a zip file. Since then I have been deleting them when I get them.
>Since the first half of May I did not get any on my desktop but I need to
>search my entire system in case they exist elsewhere. I received another one
>a couple of days ago and I received two today. The first one I received I
>was able to see it appear on the desktop immediately after sending a
>message. So now I am much more suspicious.
>I don't know where it is coming from. I keep my desktop clear enough of
>icons that I notice it quite quickly. I tried to search for information but
>either it is not malicious and there is not information or the use of the
>tilde character makes it difficult to find the information. I assume the use
>of the tilde character is intended to slow us down and if so it is quite
>I am using Outlook Express and I have the "Warn me when other applications
>try to send mail as me." option selected on so I hope there has been no
>email sent that I am unaware of.
>As you can see by the signature it adds to messages that I am using AVG for
>virus protection. I obviously need to get something better. However if this
>file is the result of something malicious then I sure want to identify it,
>especially if it is something new.
>I realize this mailing list is not the primary place to report such a thing.
>Where else is a good place to report it and get information about it if it
>is malicious? I should not be spending time on this but that is what
>everyone says, right?
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003

More information about the list mailing list