G
Guest
Does anyone know what the "~" file is? It keeps appearing on my desktop every once and awhile. I move it to the recycle bin but am afraid to empty it.......any ideas??
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
David H. Lipman
Its a bug in Outlook Express. It is a copy of your Windows Address Book. If you rename it
to TEST.WAB you can open it and see your addressbook.
You can delete it.
Dave
| Does anyone know what the "~" file is? It keeps appearing on my desktop every once and
awhile. I move it to the recycle bin but am afraid to empty it.......any ideas??
|
to TEST.WAB you can open it and see your addressbook.
You can delete it.
Dave
| Does anyone know what the "~" file is? It keeps appearing on my desktop every once and
awhile. I move it to the recycle bin but am afraid to empty it.......any ideas??
|
M
Michael Solomon \(MS-MVP Windows Shell/User\)
First, be sure your antivirus software has the latest definitions and run a
virus scan.
Second, download, install and run Ad Aware:
www.lavasoftusa.com
Note: you should always be well backed up before running an application of
this type.
virus scan.
Second, download, install and run Ad Aware:
www.lavasoftusa.com
Note: you should always be well backed up before running an application of
this type.
D
David H. Lipman
As a virus, worm or Trojan, what can an extentionless, single character named, file do ?
How would it infect a platform ?
Dave
| First, be sure your antivirus software has the latest definitions and run a
| virus scan.
|
| Second, download, install and run Ad Aware:
| www.lavasoftusa.com
| Note: you should always be well backed up before running an application of
| this type.
|
|
| --
| Michael Solomon MS-MVP
| Windows Shell/User
| Backup is a PC User's Best Friend
| DTS-L.Org: http://www.dts-l.org/
|
| | > Does anyone know what the "~" file is? It keeps appearing on my desktop
| > every once and awhile. I move it to the recycle bin but am afraid to
| > empty it.......any ideas??
| >
|
|
How would it infect a platform ?
Dave
| First, be sure your antivirus software has the latest definitions and run a
| virus scan.
|
| Second, download, install and run Ad Aware:
| www.lavasoftusa.com
| Note: you should always be well backed up before running an application of
| this type.
|
|
| --
| Michael Solomon MS-MVP
| Windows Shell/User
| Backup is a PC User's Best Friend
| DTS-L.Org: http://www.dts-l.org/
|
| | > Does anyone know what the "~" file is? It keeps appearing on my desktop
| > every once and awhile. I move it to the recycle bin but am afraid to
| > empty it.......any ideas??
| >
|
|
M
monty
Great question. I get this on my desk too.
D
David H. Lipman
Monty:
I was being facetious with him. In that form even a virus would be benign. There are NO
viruses or Trojans that use a disk file that has no extension. Worms don't necessarily use
disk files, they use network protocols (and maybe a disk file as well as many have multiple
infection methods). Certain exploits like MIME use email as the conveyance.
If you rename the file to TEST.WAB you will see it is a copy of your Windows Address Book.
It is a bug in OE that produces this. Just delete it.
Dave
| Great question. I get this on my desk too.
| | > As a virus, worm or Trojan, what can an extentionless, single character
| named, file do ?
| >
| > How would it infect a platform ?
| >
| > Dave
| >
| >
| >
| message
| > | > | First, be sure your antivirus software has the latest definitions and
| run a
| > | virus scan.
| > |
| > | Second, download, install and run Ad Aware:
| > | www.lavasoftusa.com
| > | Note: you should always be well backed up before running an application
| of
| > | this type.
| > |
| > |
| > | --
| > | Michael Solomon MS-MVP
| > | Windows Shell/User
| > | Backup is a PC User's Best Friend
| > | DTS-L.Org: http://www.dts-l.org/
| > |
| > | | > | > Does anyone know what the "~" file is? It keeps appearing on my
| desktop
| > | > every once and awhile. I move it to the recycle bin but am afraid to
| > | > empty it.......any ideas??
| > | >
| > |
| > |
| >
| >
|
|
I was being facetious with him. In that form even a virus would be benign. There are NO
viruses or Trojans that use a disk file that has no extension. Worms don't necessarily use
disk files, they use network protocols (and maybe a disk file as well as many have multiple
infection methods). Certain exploits like MIME use email as the conveyance.
If you rename the file to TEST.WAB you will see it is a copy of your Windows Address Book.
It is a bug in OE that produces this. Just delete it.
Dave
| Great question. I get this on my desk too.
| | > As a virus, worm or Trojan, what can an extentionless, single character
| named, file do ?
| >
| > How would it infect a platform ?
| >
| > Dave
| >
| >
| >
| message
| > | > | First, be sure your antivirus software has the latest definitions and
| run a
| > | virus scan.
| > |
| > | Second, download, install and run Ad Aware:
| > | www.lavasoftusa.com
| > | Note: you should always be well backed up before running an application
| of
| > | this type.
| > |
| > |
| > | --
| > | Michael Solomon MS-MVP
| > | Windows Shell/User
| > | Backup is a PC User's Best Friend
| > | DTS-L.Org: http://www.dts-l.org/
| > |
| > | | > | > Does anyone know what the "~" file is? It keeps appearing on my
| desktop
| > | > every once and awhile. I move it to the recycle bin but am afraid to
| > | > empty it.......any ideas??
| > | >
| > |
| > |
| >
| >
|
|
M
Michael Solomon \(MS-MVP Windows Shell/User\)
If I see something of this nature, I'm inclined to have them run a scan as
sometimes the sudden appearance of such files is an indication of something
else going on. Perhaps the file itself is harmless but it may have been
deposited by something that is recognized by Ad Aware. By the same token,
some antivirus programs now have the capability of picking up adware, hence,
from my perspective it doesn't hurt to run both.
sometimes the sudden appearance of such files is an indication of something
else going on. Perhaps the file itself is harmless but it may have been
deposited by something that is recognized by Ad Aware. By the same token,
some antivirus programs now have the capability of picking up adware, hence,
from my perspective it doesn't hurt to run both.
T
TheCrewser
And I had the same suspicion...about a year ago when the first of
about 10,000 posts concerning this issue surfaced. This is a long
standing and very well known Outlook Express bug at this point.
Just a thought...
GLCrews,MCP
about 10,000 posts concerning this issue surfaced. This is a long
standing and very well known Outlook Express bug at this point.
Just a thought...
GLCrews,MCP
M
Michael Solomon \(MS-MVP Windows Shell/User\)
I appreciate the information.
A year ago at this time, I was offline caring for my mother who was quite
ill with bladder cancer and passed away in March of last year. Hence, I
missed all the excitement. I did not return to full time action on these
boards until June of last year.
That said, would it not be possible for someone to exploit that little bug
or knowing that such a bug exists to come up with a script that might just
deposit such a file on the desktop, just to be annoying as is the case for
many script kiddies?
A year ago at this time, I was offline caring for my mother who was quite
ill with bladder cancer and passed away in March of last year. Hence, I
missed all the excitement. I did not return to full time action on these
boards until June of last year.
That said, would it not be possible for someone to exploit that little bug
or knowing that such a bug exists to come up with a script that might just
deposit such a file on the desktop, just to be annoying as is the case for
many script kiddies?
D
David H. Lipman
How could one exploit a single character, extentionless, disk file ?
There is NO association to an extentionless file.
It's like getting a car with no wheels or steering wheel. Your just not getting anywhere
with it.
Dave
| I appreciate the information.
|
| A year ago at this time, I was offline caring for my mother who was quite
| ill with bladder cancer and passed away in March of last year. Hence, I
| missed all the excitement. I did not return to full time action on these
| boards until June of last year.
|
| That said, would it not be possible for someone to exploit that little bug
| or knowing that such a bug exists to come up with a script that might just
| deposit such a file on the desktop, just to be annoying as is the case for
| many script kiddies?
|
| --
| Michael Solomon MS-MVP
| Windows Shell/User
| Backup is a PC User's Best Friend
| DTS-L.Org: http://www.dts-l.org/
|
| | > And I had the same suspicion...about a year ago when the first of
| > about 10,000 posts concerning this issue surfaced. This is a long
| > standing and very well known Outlook Express bug at this point.
| >
| > Just a thought...
| >
| > GLCrews,MCP
| >
| >
| > On Mon, 19 Jan 2004 18:50:48 -0800, "Michael Solomon \(MS-MVP Windows
| >
| >>If I see something of this nature, I'm inclined to have them run a scan as
| >>sometimes the sudden appearance of such files is an indication of
| >>something
| >>else going on. Perhaps the file itself is harmless but it may have been
| >>deposited by something that is recognized by Ad Aware. By the same token,
| >>some antivirus programs now have the capability of picking up adware,
| >>hence,
| >>from my perspective it doesn't hurt to run both.
| >
|
|
There is NO association to an extentionless file.
It's like getting a car with no wheels or steering wheel. Your just not getting anywhere
with it.
Dave
| I appreciate the information.
|
| A year ago at this time, I was offline caring for my mother who was quite
| ill with bladder cancer and passed away in March of last year. Hence, I
| missed all the excitement. I did not return to full time action on these
| boards until June of last year.
|
| That said, would it not be possible for someone to exploit that little bug
| or knowing that such a bug exists to come up with a script that might just
| deposit such a file on the desktop, just to be annoying as is the case for
| many script kiddies?
|
| --
| Michael Solomon MS-MVP
| Windows Shell/User
| Backup is a PC User's Best Friend
| DTS-L.Org: http://www.dts-l.org/
|
| | > And I had the same suspicion...about a year ago when the first of
| > about 10,000 posts concerning this issue surfaced. This is a long
| > standing and very well known Outlook Express bug at this point.
| >
| > Just a thought...
| >
| > GLCrews,MCP
| >
| >
| > On Mon, 19 Jan 2004 18:50:48 -0800, "Michael Solomon \(MS-MVP Windows
| >
| >>If I see something of this nature, I'm inclined to have them run a scan as
| >>sometimes the sudden appearance of such files is an indication of
| >>something
| >>else going on. Perhaps the file itself is harmless but it may have been
| >>deposited by something that is recognized by Ad Aware. By the same token,
| >>some antivirus programs now have the capability of picking up adware,
| >>hence,
| >>from my perspective it doesn't hurt to run both.
| >
|
|
D
David Candy
If it can deposit files on the desktop it can get itself executed. Just create a file extension for . (a single dot) and set it's default open command to "%1". If the file is an executable (of any type) internally it will run.
Or create a shortcut. The extension is always hidden.
Or create a shortcut. The extension is always hidden.
D
David H. Lipman
Then a virus helper application would have do this but the helper application could have
done the infecting itself so why bother ? And since it is a remnant of the WAB it is NOT an
executable so again why would it be a target of a VXer ?
Dave
If it can deposit files on the desktop it can get itself executed. Just create a file
extension for . (a single dot) and set it's default open command to "%1". If the file is an
executable (of any type) internally it will run.
Or create a shortcut. The extension is always hidden.
done the infecting itself so why bother ? And since it is a remnant of the WAB it is NOT an
executable so again why would it be a target of a VXer ?
Dave
If it can deposit files on the desktop it can get itself executed. Just create a file
extension for . (a single dot) and set it's default open command to "%1". If the file is an
executable (of any type) internally it will run.
Or create a shortcut. The extension is always hidden.
M
Michael Solomon \(MS-MVP Windows Shell/User\)
All very true except it doesn't speak to the possibility that the sudden
appearance of such a file, though in this case apparently the result of a
previously identified OE bug could be the result of a virus or some scumware
running on the system. Your response, misleads people into thinking that
such things can or should be ignored. Also, as I pointed out, elsewhere in
this thread, it's not out of the realm of possibility that some script
kiddie would create something of this nature just to be annoying or someone
else use the bug as something to be exploited. The file is harmless but
seeing something unusual such as this should be a warning to users to scan
their systems and to be cautious.
appearance of such a file, though in this case apparently the result of a
previously identified OE bug could be the result of a virus or some scumware
running on the system. Your response, misleads people into thinking that
such things can or should be ignored. Also, as I pointed out, elsewhere in
this thread, it's not out of the realm of possibility that some script
kiddie would create something of this nature just to be annoying or someone
else use the bug as something to be exploited. The file is harmless but
seeing something unusual such as this should be a warning to users to scan
their systems and to be cautious.
C
cquirke (MVP Win9x)
"David Candy" <[email protected]> wrote in message news:[email protected]...
....were discussing the " ~ on the desktop" issue, and missing the
malware significance of this.
Firstly, the cause isn't malware, it's the result of a buggy bug-fix
from MS that is now around six months old. The new code fails to name
the temp backup of the address book properly, so it's saved in the
"current directory" with the name ~ (no extension).
The malware significance of this very well-known behavious is that
instead of having to locate an address book file of unknown name in a
location that has a complicated CLSID-style name, the same data may be
available as a file that is always called ~ and is always in a
guessable location. Far easier to reach from all those "attacker has
to know name and location" holes; no registry lookup needed.
That's why I do NOT see this as "harmless", and am unimpressed that
this security issue has remained unfixed to date.
Dreams are stack dumps of the soul--------------- ----- ---- --- -- - - -
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.