[Dshield] [Fwd: File on desktop with tilde character as filename]
buster044 at mchsi.com
Fri Jun 6 21:07:20 GMT 2003
Well, this sure got my attention. I have had at least eight aneresk labeled files in the last several months; I simply deleted them, thinking they were corrupted files left behind. I have run Ad-Aware Pro, Evidence Eliminator, Norton 2003 Pro, and even cleaned the system and registry of junk, and for the last month have not seen them. I also had problems with damn Microsoft data miners, yet I think if I get rid of the Microsoft framework that problem will be solved, since I do not use it anyway. I sure would appreciate someone with a little more knowledge than I, pray tell, what the trash files appearing on the desktop might mean, or be caused from. Later
----- Original Message -----
From: Johannes B. Ullrich
To: list at dshield.org
Sent: Thursday, June 05, 2003 10:23 PM
Subject: [Dshield] [Fwd: File on desktop with tilde character as filename]
From: Samuel <samuel at socal.rr.com>
To: Dshield at Dshield. Org <dshield at dshield.org>
Subject: File on desktop with tilde character as filename
Date: 05 Jun 2003 19:03:22 -0700
Several times I have received spontaneously a file on my Windows desktop
that has a one-character filename of the tilde character ("~"). The contents
are binary but when I look at it I can see that it contains email addresses
from my address book. The first time (on Friday, May 02) I saw it I zipped
it into a zip file. Since then I have been deleting them when I get them.
Since the first half of May I did not get any on my desktop but I need to
search my entire system in case they exist elsewhere. I received another one
a couple of days ago and I received two today. The first one I received I
was able to see it appear on the desktop immediately after sending a
message. So now I am much more suspicious.
I don't know where it is coming from. I keep my desktop clear enough of
icons that I notice it quite quickly. I tried to search for information but
either it is not malicious and there is no information or the use of the
tilde character makes it difficult to find the information. I assume the use
of the tilde character is intended to slow us down and if so it is quite
I am using Outlook Express and I have the "Warn me when other applications
try to send mail as me." option selected on so I hope there has been no
email sent that I am unaware of.
As you can see by the signature it adds to messages that I am using AVG for
virus protection. I obviously need to get something better. However if this
file is the result of something malicious then I sure want to identify it,
especially if it is something new.
I realize this mailing list is not the primary place to report such a thing.
Where else is a good place to report it and get information about it if it
is malicious? I should not be spending time on this but that is what
everyone says, right?
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.487 / Virus Database: 286 - Release Date: 6/1/2003
Internet Storm Center - SANS Institute
jullrich at sans.org http://isc.sans.org
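
Added example, not part of the original messages: a triage script for the search Samuel describes, which walks a directory tree for files named exactly "~", records a hash and modification time for each (to compare against sent-mail times and to include in a report to an antivirus vendor), and pulls out any email-like strings from the binary contents. The names `scan`, `extract_emails` and `demo` are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# ASCII email-like tokens, and runs of UTF-16LE text (each char followed by NUL).
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
UTF16_RUN = re.compile(rb"(?:[\x21-\x7e]\x00){6,}")

def extract_emails(data):
    """Return sorted unique email-like strings found in raw bytes."""
    found = set(EMAIL_RE.findall(data))
    for run in UTF16_RUN.findall(data):
        found.update(EMAIL_RE.findall(run[::2]))  # keep the low bytes only
    return sorted(m.decode("ascii") for m in found)

def scan(root, name="~"):
    """Walk root; report every file whose name is exactly `name`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if name not in files:
            continue
        path = os.path.join(dirpath, name)
        try:
            with open(path, "rb") as fh:
                data = fh.read()
            mtime = os.path.getmtime(path)
        except OSError:
            continue  # locked or unreadable: skip rather than abort the scan
        hits.append({
            "path": path,
            "sha256": hashlib.sha256(data).hexdigest(),
            "modified": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
            "emails": extract_emails(data),
        })
    return hits

def demo():
    """Scan a constructed sample tree; every byte below is made up."""
    sample = (b"\x01\x02\xff" b"alice@example.com" b"\x00\x07"
              + "bob@example.org".encode("utf-16-le") + b"\x00\x00\x9c")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Desktop"))
        with open(os.path.join(root, "Desktop", "~"), "wb") as fh:
            fh.write(sample)
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To check a real machine, call `scan()` on the profile or drive root instead of `demo()`, and copy any hit aside before deleting it.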