

SpannerITWks
Premium
join:2005-04-22

Fun with ( ÿþ ) well sort of ?

The weirdest thing happened to me yesterday, well maybe not The weirdest, but pretty damn weird lol !

I got an alert from WinPatrol, and Only WinPatrol, saying on reboot this file - ÿþ - was due for either a NULL or Deletion, it didn't specify which. I quickly copied the file name down + saved it.

Anyways, that's strange i thought, as you would, so i Googled it. The only things that seemed mildly of any worth were connected with CSS + Outlook. Can't imagine what CSS would have to do with anything i had been doing, and i don't use Outlook or Outlook Express either, in fact i have always disabled OE on every fresh install.

I did a full on Windows search for - ÿþ - but no show !

So intrigued by this i rebooted, well i couldn't believe what happened, but it did ! I got a Windows Log on PW prompt box ? that i eliminated ages ago on install, so i ESC out of that. Next " nice " surprise, the desktop appears in 680 x 640 mode ? Err, hello what's occurring here then ?

Didn't know to be honest lol, so i thought **** this 4 a lark + restored to a previous known good config. Did nuuuuuuumerous Scans/Searches/ etc etc + nothing dodgy or unusual etc @ all.

Can't say 100% that the - ÿþ - thingy caused this, but i don't know what else it could have been !

What do you make of that then, and does anybody know Anything about that mysterious file - ÿþ - ?

TIA

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks


onDvine
Premium
join:2005-01-29
So. CA, USA

I don't know what it might be, Spanner, but since WinPatrol flagged it, you could send a message to Bill (at WinPatrol) and ask for his opinion. He got back to me promptly when I sent a question.


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

reply to SpannerITWks
ÿþ - 4h in Russian?

dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS

reply to SpannerITWks
"Small y with diaeresis, lowercase thorn" is ff fe in hex.

fffe and feff are byte sequences that happen to be used for byte-order detection in Unicode text (thus facilitating data exchange between machines with different byte sex).

Looks like some bungled programming around some filename generation.

That doesn't exactly rule out malware, but I don't think the filename was deliberate. If legitimate, it's a lousy choice of name. If the intent is to hide, it's a lousy choice of name.
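
The byte-order-mark point in the post above, as an added example that is not part of the original thread: it shows one assumed way such a name can arise (UTF-16 LE text read as single-byte text and cut at the first NUL) and a check that flags names beginning with byte-order-mark debris. The function names and sample entries are constructed for illustration, and Latin-1 stands in for the Windows ANSI code page, which maps these bytes to the same characters.

```python
import codecs

# BOM byte sequences; UTF-32 first because its LE mark begins with the UTF-16 LE mark.
BOMS = [
    ("utf-32-le", codecs.BOM_UTF32_LE),   # ff fe 00 00
    ("utf-32-be", codecs.BOM_UTF32_BE),   # 00 00 fe ff
    ("utf-8",     codecs.BOM_UTF8),       # ef bb bf
    ("utf-16-le", codecs.BOM_UTF16_LE),   # ff fe
    ("utf-16-be", codecs.BOM_UTF16_BE),   # fe ff
]

def misread_as_ansi(text):
    """Simulate the assumed bug: UTF-16 LE text with a BOM is read as
    single-byte text and cut at the first NUL, as a C string API would."""
    raw = codecs.BOM_UTF16_LE + text.encode("utf-16-le")
    return raw.decode("latin-1").split("\x00", 1)[0]

def bom_debris(name):
    """Return the encoding whose BOM the name starts with once the name is
    mapped back to bytes, or None if it does not start with a BOM."""
    try:
        raw = name.encode("latin-1")
    except UnicodeEncodeError:
        return None          # characters above U+00FF: not misread single bytes
    for encoding, bom in BOMS:
        if raw.startswith(bom):
            return encoding
    return None

def scan(entries):
    """Return (entry, encoding) for every entry that begins with BOM debris."""
    return [(e, bom_debris(e)) for e in entries if bom_debris(e)]

# Constructed sample entries, not taken from the machine in the thread.
# "\u00ff\u00fe" is the two-character name from the thread (y-diaeresis, thorn).
SAMPLE = ["C:\\Windows\\notepad.exe", "\u00ff\u00fe", "\u00ef\u00bb\u00bfrun.cmd"]

if __name__ == "__main__":
    print(repr(misread_as_ansi("C:\\tools\\app.exe")))
    for entry, enc in scan(SAMPLE):
        print(repr(entry), "starts with the", enc, "byte-order mark")
```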


SpannerITWks
Premium
join:2005-04-22

reply to SpannerITWks
onDvine

Yes good idea, i'll ask him to take a peek @ this thread.

dadkins

Hmm Rusky ? interesting, hope it's not another " Brick in the Wall " lol.

dave

No connection to another internal PC here, but it could have been an online one i suppose ?

Thanx to all for your insights so far. Any other info would be Very welcome !

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks

dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS

said by SpannerITWks:

Hmm Rusky ? interesting, hope it's not another " Brick in the Wall " lol.

Neither of those two characters are Cyrillic, i.e. "Russian". They're both Latin characters, i.e., as used in most Western European languages.

I'm not sure what languages use y-with-diaeresis today, but it's just a 'y' with some punctuation on top.

Thorn is used in Icelandic (and old English, come to that).


BillPStudios
Premium
join:2004-04-16
Scotia, NY

reply to SpannerITWks
Hey Spanner,

As always, thank you for your support.

I'm more inclined to think that your ÿþ is just some kind of corruption in either the registry or on the hard drive.
Did you happen to notice if it was located in the Run registry or the Startup?

If you go to the Options page, click on History and it may contain more information.
If all the information isn't displayed you can look at the history file itself.
If you look in the WinPatrol folder there's a text file called "history.txt".

You can open this file with Notepad and look at the information on the line with ÿþ. You should be able to see if there was a full path or actual file name and also an indication of which Startup entry Scotty found it in.

If you can send a copy of that line from your history.txt file it might help.
Might even post it here so everyone who has offered to help can see what's going on.

Thanks again,
Bill