Bagel AC virus strangeness on W2003

  • Thread starter Thread starter Peter Lawton
  • Start date Start date
P

Peter Lawton

I've just had a number of viruses appear in email that Symantec AV didn't
catch, it turns out from trend that it's Bagel.AC virus

It comes in a .ZIP file with "price" in the name

If you open the .ZIP file on a machine with WinZIP installed you see:-

price.html 1086 bytes
price.exe 14818 bytes (hidden)

However if you open it with the built in W2003 compressed folder support you
get:-

price.html 1086 bytes and

a 0 byte folder called "price"

It's very worrying that an EXE file can appear as an ordinary folder with no
extension.

I'd already set our W2003 Terminal Servers to display hidden files and to
display the .ZIP extensions for safety, anyone any idea how the virus is
hiding the .EXE extension and how I could get W2003 to display it?

Thanks
 
There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You mean W32/Bagle.aq!zip Bagle.ac is old and SAV/NAV would have caught it.

Dave





| I've just had a number of viruses appear in email that Symantec AV didn't
| catch, it turns out from trend that it's Bagel.AC virus
|
| It comes in a .ZIP file with "price" in the name
|
| If you open the .ZIP file on a machine with WinZIP installed you see:-
|
| price.html 1086 bytes
| price.exe 14818 bytes (hidden)
|
| However if you open it with the built in W2003 compressed folder support you
| get:-
|
| price.html 1086 bytes and
|
| a 0 byte folder called "price"
|
| It's very worrying that an EXE file can appear as an ordinary folder with no
| extension.
|
| I'd already set our W2003 Terminal Servers to display hidden files and to
| display the .ZIP extensions for safety, anyone any idea how the virus is
| hiding the .EXE extension and how I could get W2003 to display it?
|
| Thanks
|
|
 
No, I mean W2003 is displaying a .EXE file within a .ZIP file as a folder
without an extension - why I'm asking here is not really to do with the
virus at all, it's to do with how Windows 2003 displays the contents of
compressed folders.

AV groups aren't going to tell me how to change W2003 registry to display
all the extensions properly within a compressed folder.

Thanks
 
Back
Top