Security Incidents mailing list archives
Re: File on desktop called "~"
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 13 Jun 2003 12:35:00 +1300
<rice () up edu> wrote:
I'm starting to see some of my workstations getting a suspicious file on the desktop with the filename ~. Using a hex editor, you can see current email addresses that mail has been sent to. Neither Norton nor Sophos detect a problem. Has anyone else seen this or have any information about what this might be?
This has been widely reported as a bug shipped in the recent OE cumulative patch announced in MS03-014. Apparently, instead of making backup copies of the address book when entries are to be added or removed to files named something like <username>.WA~ this copy is made to a file named just ~. In some cases -- I've not seen any explanation of the precise circumstances -- this is either made on the desktop or a shortcut to it placed there (this confusion probably arises from user reports not being very reliable in such matters).
All workstations are running win2k or winxp. Outlook 2002 is the email app. Task manager on the afflicted machines shows all the same processes of non-afflicted machines.
Is OE not able to be used at all on these machines?

A search of Google Groups that turns up many related message threads is:

http://groups.google.com/groups?as_q=tilde&safe=images&ie=UTF-8&oe=UTF-8&as_ugroup=*outlookexpress&lr=&num=100&hl=en

(URL may wrap)

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854