  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | reply to EGeezer Re: Mom was not very wise...
Hi Geezer, it came across an IM. Would there be headers?
Doc, I ran it through Jotti's and it was suspicious but nothing has been seen before. |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| said by ptrowski: Doc, I ran it through Jotti's and it was suspicious but nothing has been seen before.
What was suspicious? That is very vague. Did the scan result say it was a Windows PE file that was renamed or is it actually a real image file just trying to sell something like narcotic pills, stocks, male enhancement capsules or other type garbage?
You can use FileAlyzer to read the beginning of the file to see what it really is.
A Windows PE file will start with:
MZ
While a .GIF Image File will start with:
Gif89
And a .JPG Image File will start with:
ÿØÿà..JFIF
Regards,
Doctor Olds
-- What's the point of owning a supercar if you can't scare yourself stupid from time to time? |
|
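The header check described in the post above, as an added Python example (not part of the thread and not FileAlyzer's code). It goes one step beyond "MZ" by confirming the `PE\0\0` marker at the offset stored at 0x3C, and compares the result with what the file extension claims; the names `sniff`, `check`, `check_path` and the sample byte strings are constructed for illustration.

```python
import os
import struct

def sniff(data: bytes) -> str:
    """Classify a file from its leading bytes."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:3] == b"\xff\xd8\xff":      # shows as "ÿØÿ" in a Latin-1 text view
        return "jpeg"
    if data[:4] == b"PK\x03\x04":        # ZIP local file header
        return "zip"
    if data[:2] == b"MZ":
        # "MZ" is only the DOS header. A Windows PE also carries "PE\0\0"
        # at the offset stored little-endian at 0x3C (e_lfanew).
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz"
    return "unknown"

# What the final extension claims the content to be.
CLAIMS = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".zip": "zip"}

def check(name: str, data: bytes) -> tuple:
    """Return (sniffed_type, mismatch) for a file name and its first bytes."""
    claimed = CLAIMS.get(os.path.splitext(name)[1].lower())
    actual = sniff(data)
    return actual, claimed is not None and actual != claimed

def check_path(path: str) -> tuple:
    """Read only the first 4 KiB of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return check(path, fh.read(4096))

# Constructed samples: header bytes only, not real files.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
GIF_HEAD = b"GIF89a\x01\x00\x01\x00"

if __name__ == "__main__":
    for name, data in [("photo.jpg", PE_STUB), ("photo.jpg", JPEG_HEAD),
                       ("anim.gif", GIF_HEAD), ("old.jpg", b"MZ")]:
        print(name, check(name, data))
```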
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | I used the two scanners listed in the FAQ here. At this point I ran it through the Tuneup Shredder so I don't have it to scan again. |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| said by ptrowski: I used the two scanners listed in the FAQ here. At this point I ran it through the Tuneup Shredder so I don't have it to scan again.
OK, no problem. Get set up for the next time. FileAlyzer is written by the Spybot Search & Destroy guys. Good Stuff in other words. |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it. |
|
  EGeezer Summer is passing Premium join:2002-08-04 Country!
| said by ptrowski: Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it.
If the file name was photo001-03-31-2008.jpg.zip, then I have no doubt that it was malware. People don't usually zip up pictures to send them. If they did, I'd expect the filename to be photo001-03-31-2008.zip (without the jpg in it).
Also sorry for confusion, I erroneously assumed it was an email, and don't know how to capture the information from an IM.
-- Mayors of New York come from nowhere and go nowhere. Wallace Sayre (apparently, so do governors...) |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by EGeezer:
said by ptrowski: Thanks Doc. I ran it through both of them, and it said that it seemed suspicious (noticed it was a zip file), and figured at that point I would just shred it.
If the file name was photo001-03-31-2008.jpg.zip, then I have no doubt that it was malware. People don't usually zip up pictures to send them. If they did, I'd expect the filename to be photo001-03-31-2008.zip (without the jpg in it). Also sorry for confusion, I erroneously assumed it was an email, and don't know how to capture the information from an IM.
It depends on how it was viewed. If it was a folder view, it was ZIP. If it was the file, it showed as an executable. |
|
  EGeezer Summer is passing Premium join:2002-08-04 Country! | So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure.. |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by EGeezer: So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure..
Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in. |
|
  rawwhide
join:2000-09-03 The Moon clubs:
| said by ptrowski:
said by EGeezer: So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure..
Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in.
I think we are all still slightly confused here. Are you saying that the file was .zip and within that .zip was an executable named photo001-03-31-2008.jpg.exe or just an image photo001-03-31-2008.jpg?
-- Tin-Foilers Union of America!! Tin-Foilers Union Local 101... |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs:
| said by rawwhide:
said by ptrowski:
said by EGeezer: So the filename was photo001-03-31-2008.jpg.exe ? If so, malware for sure..
Yep, that's what I thought. But it was interesting that none of the scanners seemed to hit it or log it in.
I think we are all still slightly confused here. Are you saying that the file was .zip and within that .zip was an executable named photo001-03-31-2008.jpg.exe or just an image photo001-03-31-2008.jpg?
When it was stored in the received folder from MSN messenger, it looked like a zip file. When I copied it to the desktop, it looked like an executable. |
|
  rawwhide
join:2000-09-03 The Moon clubs:
| said by ptrowski: MSN messenger
All this time I thought it was an AOL or Yahoo instant message. |
|
  rawwhide
join:2000-09-03 The Moon clubs:
edit: April 9th, @11:32AM
| reply to ptrowski
When you say you copied it, you actually copied the zip file or the contents of the zip file? What were the names (including the extensions) of the files before and after this copy? |
|
  ptrowski Got Helix? Premium join:2005-03-14 Putnam, CT clubs: | Just the file, I would not open it. |
|
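The question raised in the thread, whether the .zip held an executable named photo001-03-31-2008.jpg.exe, can be answered without extracting or opening anything. The following is an added Python example, not part of the thread: it lists archive members in memory, flags executable and double extensions, and peeks at the first two bytes of each member. The extension sets, the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".pdf", ".doc", ".txt"}

def triage_zip(blob: bytes) -> list:
    """Return [(member_name, [reasons])] for suspicious members; nothing is written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            last = "." + parts[-1] if len(parts) > 1 else ""
            prev = "." + parts[-2] if len(parts) > 2 else ""
            reasons = []
            if last in EXECUTABLE:
                reasons.append("executable extension")
                if prev in DECOY:
                    reasons.append("double extension " + prev + last)
            if info.flag_bits & 0x1:
                # Password-protected member: the header bytes cannot be read.
                reasons.append("encrypted, content not checked")
            else:
                with zf.open(info) as member:
                    if member.read(2) == b"MZ" and last not in EXECUTABLE:
                        reasons.append("MZ header behind non-executable name")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed archive: stub bytes only, no working program inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo001-03-31-2008.jpg.exe", b"MZ" + b"\0" * 62)
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00")
        zf.writestr("readme.txt", b"MZ" + b"\0" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample()):
        print(name, "->", "; ".join(reasons))
```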