[Dshield] [Fwd: File on desktop with tilde character as filename]

richard buster044 at mchsi.com
Fri Jun 6 21:07:20 GMT 2003


Well this sure got my attention; I have had at least eight aneresk labeled files in the last several months, I simply deleted them thinking they were a corrupted file left behind; have ran ad aware pro, evidence elimenator, Norton 2003 pro, and even cleaned system and regestry  of junk, and for the last month have not seen them, also had problems with damn Microsoft data minors, yet I think if I get rid of the Microsoft framework that problem will be solved since I do not use it anyway, I sure would apreciate some one with a little more knowledge than I, prey tell, what the trash files apearing on drsktop might mean, or be caused from. Later
  ----- Original Message ----- 
  From: Johannes B. Ullrich 
  To: list at dshield.org 
  Sent: Thursday, June 05, 2003 10:23 PM
  Subject: [Dshield] [Fwd: File on desktop with tilde character as filename]


  -----Forwarded Message-----

  From: Samuel <samuel at socal.rr.com>
  To: Dshield at Dshield. Org <dshield at dshield.org>
  Subject: File on desktop with tilde character as filename
  Date: 05 Jun 2003 19:03:22 -0700

  Several times I have received spontaneously a file on my Windows desktop
  that has a one-character filename of the tilde character ("~"). The contents
  is binary but when I look at it I can see that it contains email addresses
  from my address book. The first time (on Friday, May 02) I saw it I zipped
  it into a zip file. Since then I have been deleting them when I get them.
  Since the first half of May I did not get any on my desktop but I need to
  search my entire system in case they exist elsewhere. I received another one
  a couple of days ago and I received two today. The first one I received I
  was able to see it appear on the desktop immediately after sending a
  message. So now I am much more suspicious.

  I don't know where it is coming from. I keep my desktop clear enough of
  icons that I notice it quite quickly. I tried to search for information but
  either it is not malicious and there is not information or the use of the
  tilde character makes it difficult to find the information. I assume the use
  of the tilde character is intended to slow us down and if so it is quite
  successful.

  I am using Outlook Express and I have the "Warn me when other applications
  try to send mail as me." option selected on so I hope there has been no
  email sent that I am unaware of.

  As you can see by the signature it adds to messages that I am using AVG for
  virus protection. I obviously need to get something better. However if this
  file is the result of something malicious then I sure want to identify it,
  especially if it is something new.

  I realize this mailing list is not the primary place to report such a thing.
  Where else is a good place to report it and get information about it if it
  is malicious? I should not be spending time on this but that is what
  everyone says, right?



  ---
  Outgoing mail is certified Virus Free.
  Checked by AVG anti-virus system (http://www.grisoft.com).
  Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003
  -- 
  ----------
  Johannes Ullrich
  Internet Storm Center - SANS Institute
  jullrich at sans.org  http://isc.sans.org





More information about the list mailing list