  onDvine Don't Litter. Spay or neuter your pets. Premium join:2005-01-29 So. CA, USA
| reply to ptrowski Re: Mom was not very wise...
Slightly O/T: I Googled ahsanhyd@hotmail to see if anybody else had mentioned problems from that sender (nobody has). Did find a link to your post, less than an hour old. Damn, that's fast! -- Nobody can bring you peace but yourself. ▪R.W. Emerson |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Same here...although it did look like it was from India. Hardly one of her friends. Ran it through the online scanners, came up suspicious but not tagged.
Time to sweep her system. |
|
  onDvine Don't Litter. Spay or neuter your pets. Premium join:2005-01-29 So. CA, USA
| said by ptrowski :Same here...although it did look like it was from India. Hardly one of her friends. ... Sorry. Somehow missed the part where you said:
... tried a good search on the IM name ... Hopefully next time she'll pay closer attention to the sender name. Good luck with it.  |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by onDvine :said by ptrowski :Same here...although it did look like it was from India. Hardly one of her friends. ... Sorry. Somehow missed the part where you said: ... tried a good search on the IM name ... Hopefully next time she'll pay closer attention to the sender name. Good luck with it. Sorry, I did not mean for that to come out snippy. I was more thinking aloud.
So far nothing has popped up. |
|
  onDvine Don't Litter. Spay or neuter your pets. Premium join:2005-01-29 So. CA, USA
edit: April 8th, @08:35PM
| said by ptrowski :... I did not mean for that to come out snippy. ... It didn't at all.
Mostly I was commenting on how fast your post showed up in Google. Had nothing helpful to contribute. |
|
  EGeezer Summer is passing Premium join:2002-08-04 Country!
| reply to ptrowski said by ptrowski :Same here...although it did look like it was from India. Hardly one of her friends. Ran it through the online scanners, came up suspicious but not tagged. Time to sweep her system. A brief look at the headers and message source will tell you where it came from - -- Mayors of New York come from nowhere and go nowhere. Wallace Sayre (apparently, so do governors... ) |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Hi Geezer, it came across an IM. Would there be headers?
Doc, I ran it through Jotti's and it was suspicious but nothing has been seen before. |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| said by ptrowski :Doc, I ran it through Jotti's and it was suspicious but nothing has been seen before. What was suspicious? That is very vague. Did the scan result say it was a Windows PE file that was renamed or is it actually a real image file just trying to sell something like narcotic pills, stocks, male enhancement capsules or other type garbage?
You can use FileAlyzer to read the beginning of the file to see what it really is.
A Windows PE file will start with:
MZ
While a .GIF Image File will start with:
Gif89
And a .JPG Image File will start with:
ÿØÿà..JFIF
Regards,
Doctor Olds -- What's the point of owning a supercar if you can't scare yourself stupid from time to time? |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | I used the two scanners listed in the FAQ here. At this point I ran it through the Tuneup Shredder so I don't have it to scan again. |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| said by ptrowski :I used the two scanners listed in the FAQ here. At this point I ran it through the Tuneup Shredder so I don't have it to scan again. OK, no problem. Get set up for the next time. FileAlyzer is written by the Spybot Search & Destroy guys. Good Stuff in other words. -- What's the point of owning a supercar if you can't scare yourself stupid from time to time? |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it. |
|
  EGeezer Summer is passing Premium join:2002-08-04 Country!
| said by ptrowski :Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it. If the file name was photo001-03-31-2008.jpg.zip, then I have no doubt that it was malware. People don't usually zip up pictures to send them. If they did, I'd expect the filename to be photo001-03-31-2008.zip (without the jpg in it).
Also sorry for confusion, I erroneously assumed it was an email, and don't know how to capture the information from an IM. -- Mayors of New York come from nowhere and go nowhere. Wallace Sayre (apparently, so do governors... ) |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by EGeezer :said by ptrowski :Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it. If the file name was photo001-03-31-2008.jpg.zip, then I have no doubt that it was malware. People don't usually zip up pictures to send them. If they did, I'd expect the filename to be photo001-03-31-2008.zip (without the jpg in it). Also sorry for confusion, I erroneously assumed it was an email, and don't know how to capture the information from an IM. It depends on how it was viewed. If it was a folder view, it was ZIP. If it was the file, it showed as an executable. |
|
  EGeezer Summer is passing Premium join:2002-08-04 Country! | So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure.. |
|
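The two checks discussed above (Doctor Olds' look at the leading bytes, and EGeezer's point about `.jpg.zip` / `.jpg.exe` names), as an added example that is not part of any post in this thread. All function names and the extension lists are assumptions, and the sample archive is constructed in memory from harmless stub bytes.

```python
import io
import zipfile

# Leading bytes named in the thread (MZ, GIF8x, JPEG's FF D8 FF) plus ZIP's "PK".
MAGIC = [(b"MZ", "pe"), (b"GIF8", "gif"), (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
EXT_KIND = {"exe": "pe", "scr": "pe", "gif": "gif", "jpg": "jpeg", "jpeg": "jpeg", "zip": "zip"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "doc", "pdf", "txt"}  # assumed list
OUTER_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "zip"}          # assumed list

def sniff(head: bytes) -> str:
    # Classify content by its first bytes, ignoring the file name.
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def check_name(name: str, head: bytes) -> list:
    """Return findings for one file name and the first bytes of its content."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(head)
    findings = []
    if len(parts) > 2 and parts[-2] in DECOY_EXTS and ext in OUTER_EXTS:
        findings.append("double-extension")      # e.g. .jpg.exe or .jpg.zip
    if ext in EXT_KIND and kind != EXT_KIND[ext]:
        findings.append("content-mismatch")      # name says one thing, bytes another
    if kind == "pe":
        findings.append("pe-content")            # starts with MZ
    return findings

def inspect_zip(data: bytes) -> dict:
    """Check every member of an archive by reading only its first 8 bytes."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:        # streamed read, nothing is extracted
                report[info.filename] = check_name(info.filename, member.read(8))
    return report

def build_sample() -> bytes:
    """Constructed sample: a harmless stub starting with MZ, and a GIF header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo001-03-31-2008.jpg.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("holiday.gif", b"GIF89a" + b"\x00" * 10)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print(check_name("photo001-03-31-2008.jpg.zip", sample[:8]), inspect_zip(sample))
```

Because `inspect_zip` only streams the first bytes of each member, the archive is never unpacked to disk and nothing in it is executed.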
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by EGeezer :So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure.. Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in. |
|
  rawwhide
join:2000-09-03 The Moon clubs:
| said by ptrowski :said by EGeezer :So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure.. Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in. I think we are all still slightly confused here. Are you saying that the file was .zip and within that .zip was an executable named photo001-03-31-2008.jpg.exe or just an image photo001-03-31-2008.jpg? -- Tin-Foilers Union of America!! Tin-Foilers Union Local 101... |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by rawwhide :said by ptrowski :said by EGeezer :So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure.. Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in. I think we are all still slightly confused here. Are you saying that the file was .zip and within that .zip was an executable named photo001-03-31-2008.jpg.exe or just an image photo001-03-31-2008.jpg? When it was stored in the received folder from MSN messenger, it looked like a zip file. When I copied it to the desktop, it looked like an executable. |
|
  rawwhide
join:2000-09-03 The Moon clubs:
| said by ptrowski :MSN messenger All this time I thought it was an AOL or Yahoo instant message.  -- Tin-Foilers Union of America!! Tin-Foilers Union Local 101... |
|
  rawwhide
join:2000-09-03 The Moon clubs:
edit: April 9th, @11:32AM
| reply to ptrowski When you say you copied it, you actually copied the zip file or the contents of the zip file? What were the names (including the extensions) of the files before and after this copy? -- Tin-Foilers Union of America!! Tin-Foilers Union Local 101... |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Just the file, I would not open it. |
|