Full Disclosure mailing list archives

Email Harvesting virus?


From: "Joel R. Helgeson" <joel () helgeson com>
Date: Mon, 6 Oct 2003 21:44:53 -0500

I came across an interesting event today. I haven't been able to research it as much as I'd like, but I'd like to toss 
it out to the community just the same.

A customer's machine appears to be infected with some type of malware that apparently harvests email addresses and puts 
them into a file named '~'. Just the tilde ~, no extension. This file is created under the 
C:\Documents and Settings\%username%\~. I have attached a zipped copy of the file for reference.

I came across the file earlier today, renamed it and copied it off to a keychain USB drive for later analysis. Well, 
the file re-created itself and the malware creating it is not immediately apparent.  I've scanned all the running apps 
but I haven't had much time to investigate.

Any ideas?


Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." 

Attachment: ~.zip