Does anyone know what this is; Virus or what?


LawyerRon
05-30-2001, 09:37 PM
I've received this file 3 times this week from people I don't know:

Content-Disposition: attachment; filename="Fw VIRUS WARNING!!!!!!! Very Important Please Read.20338DEFANGED-eml"

On one "DEFANGED" attachment it came over as "DEFANGED.EXE"

Anyone know what this is? I scanned the attachments with Innoculate and no virus was reported. I still have not opened it.

Parangles
05-30-2001, 11:19 PM
Lawyers are by nature or training very sceptical :-)) Are you telling me you do not trust InnoculateIt, which is so strongly recommended by all the gurus on this site!? Your 'alert' could be a version of the other 'long file name deleter' - see post by HAL2000. Go on, be brave, open it!

bob
05-30-2001, 11:40 PM
Could be a worm. Old and renamed or brand new. Could be a program that simply deletes your disk. If you do not know the sender and why it was sent it would be stupid to open it.

Gintaras
05-31-2001, 01:39 AM
When I was selling music stuff on eBay and posting on music related newsgroups, I used to receive such e-mails almost every week or even often.
After the first, I didn't even bother to scan with InoculateIT, just deleted.
Prolly some kids on AOHell playing.

If you get an .EXE (or .SCR) from someone you don't know, just delete the e-mail.

Statica
05-31-2001, 09:49 AM
Originally posted by Parangles
Go on, be brave, open it !

Now we know how new virii propagate!!!!


As was mentioned before, if you don't know, trash it. If you don't know the person who sent it, all the more reason to. If u do and are expecting an email... enquire before trashing; meanwhile quarantine it.

Parangles
05-31-2001, 11:25 AM
Maybe one of you could give us a quick lesson on virii, versus trojans and worms etc. I do not, and have not opened any email in the past 15 years if I don't know the sender. While trying to be lighthearted about the matter, I am serious about InnoculateIt. If the consensus is that testing with any antivirus program is not to be trusted then please tell us and I will stop wasting precious time using any. :confused:

Statica
05-31-2001, 12:20 PM
Sorry abt the blunt statement... but here's the thing... preventing virii & other infections is not about blindly trusting any piece of code to be the end-all and be-all of all protection. It involves some basic common sense coupled with it. How do you suppose that CERT puts out advisories of vulnerabilities and of infections, or how do you think antivirus corps put out pattern updates? It surely doesn't work out that the coder of the virus sends a mail to these guys telling them of impending infections (no, that only works in the case of terrorist bombings); someone has to get an infection or someone has to get hacked before it is caught, and then a cure can be made.
The same can be said of false positives. People have to realize that a particular file that was IDed as a virus by scans is not a virus; only then do antivirus firms confirm it and then change their heuristics to account for that software as not being detected as a virus.

In addition there are other intangibles to not trusting just an antivirus telling u that a file you don't expect/recognize... things like, the pattern file u are using could be old... it is a polymorphic virus that has already changed.....


Basically any piece of malignant code can be termed a virus. A trojan is not necessarily malignant code... it is (from Greek heroic legend) a "backdoor" to a system where none should exist. It could either be propagated separately, or it could be a known piece of software that has an entry that the client is not aware of. A worm is not necessarily a standalone executable; it is more of a macro virus that invokes other components to either propagate itself or to execute.



Originally posted by Parangles
Maybe one of you could give us a quick lesson on virii, versus trojans and worms etc. I do not, and have not opened any email in the past 15 years if I don't know the sender. While trying to be lighthearted about the matter, I am serious about InnoculateIt. If the consensus is that testing with any antivirus program is not to be trusted then please tell us and I will stop wasting precious time using any. :confused:

HAL9000
05-31-2001, 01:00 PM
I like to play a bit, so whenever I get an e-mail attachment that I don't know what it is, I forward it to a second e-mail address that I retrieve on an old 486. This is just a junk machine that was given to me, so I could care less if the OS gets nuked, since that and my e-mail client are the only things on it. It doesn't have a flash BIOS, so no worries there. I download the file, check it out, and yes, have received many viruses, trojans, etc, but have also received many amusing videos, audio clips, etc.

reboot
05-31-2001, 01:25 PM
For those of you "in the dark", there are only a couple of ways you can get a virus or trojan.
First, it must be an executable file of some sort, not just .exe; things that masquerade as .scr .jpg .gif .avi .mpg may NOT really be what they purport to be.
You need to "see" the WHOLE filename to be sure what it is.
A couple of ways to do that:
Opening a DOS box and doing a "dir" on the folder that contains the questionable attachment/file is the easiest.
If it ends in .vbs or .exe (the filename may be something like brittneyspears.jpg when viewed in Outlook, but in DOS, it's brittneyspears.jpg.vbs or brittneyspears.avi.exe), it's time to get suspicious.
One can also "bury" an executable in HTML code, but that's a whole 'nother topic.
There ARE good files that end in .vbs (my little freemem prog is one), but the infamous Melissa is also a .vbs script.

Parangles
06-01-2001, 02:12 AM
Thanks guys! Saved/filed it all to be digested later.

Parangles
06-02-2001, 01:16 AM
Analogies are the refuge of the ignorant like me! I read the detailed explanations (Thanks!) and have come up with the following after seeing a re-run of 'Witness' with Harrison Ford and the Amish kid last night. Criminals (and virii?) are identified in two major ways: a) By looking at 'Mug Shots', i.e. photos of known criminals that have committed similar crimes in the past. b) By the much maligned (but effective?) 'profiling', i.e. if you see eight 4ft 3inch guys all with lumberjack shirts and caps on backwards riding in one car then they will likely be some (otherwise decent, hardworking) Mexicans with no work permits on their way to work in LA. Does this summarise it? A bit oversimplistic, but I have a better understanding, i.e. virus detection programs can only detect virii after they have been incorporated in an anti-virus program.
Therefore I may start to send suspicious stuff over to my Classic Pentium as Hal2000 says, and let them do their worst. But I love it so much!! It's like new; I couldn't bear to see it hurt. :D Anyway 'Bulk Pick-up Day' is coming in a few weeks and you would be amazed to see the computers people leave on the sidewalk for garbage in this neighbourhood. Maybe pick up another for just that.
Never had a virus in my life. Luck and caution maybe.
Later.

PS: second time tonight the post reply page has expired and I have had to copy-paste the message into a new page. I reported this months ago :mad:

Statica
06-02-2001, 07:43 AM
The chances are VERY VERY slim that you will indeed get a virus that wasn't out in the wild and for which a database / incident report hasn't been created. Actually even most hoaxes are documented. Instead of wrecking a computer (potentially), a better option for u would be to study/research virus information libraries.

LawyerRon: Here's what it could be (& boy do I feel so stupid for not thinking along those lines earlier; speaking of being conditioned, from a discussion in AltOS, I was so conditioned to thinking virus virus virus...). Again I am not entirely certain that it can't be a virus, but here's my take...

Most UNIX systems use something called /procmail; your ISP probably uses it too. It's a good enough implementation, but too rigid at times, hence kinda rare. It's basically a hasty way of protecting users on Win-based systems from getting virii by changing exe's and com's and vbs' etc etc into a file called nameoffile.defanged-exe

Why it hasn't become popular is imaginable; sometimes it even changes HTML into these attachments.
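The two pieces of advice above, reboot's "see the WHOLE filename" (a decoy extension such as .jpg in front of the real .vbs or .exe) and Statica's description of procmail-style "defanged" names, are easy to turn into a small triage script. The following is an added example, not code from the thread or from procmail; the extension lists and the DEFANGED naming pattern are assumptions based on the names quoted in the posts, and the sample listing is constructed.

```python
"""Attachment-name triage: look at the real (last) extension, flag executables
hidden behind a decoy extension such as "brittneyspears.jpg.vbs", and
recognise names a mail sanitizer has already "defanged".  Added example; the
extension sets and the DEFANGED pattern are assumptions, not procmail's code."""
import re
from dataclasses import dataclass
from typing import Optional

# Extensions Windows runs on double-click. The thread names .exe, .com, .scr
# and .vbs; the rest are well-known script/shortcut types (assumed list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "vbs", "vbe", "js", "bat", "pif", "wsf"}
# Harmless-looking extensions typically placed in front of the real one.
DECOY_EXTS = {"jpg", "jpeg", "gif", "avi", "mpg", "mpeg", "mp3", "txt", "doc"}

# Assumed sanitizer form, modelled on the thread's "...Read.20338DEFANGED-eml":
# optional random digits, the marker, a dash, then the original extension.
DEFANGED_RE = re.compile(r"\.?\d*defanged-(?P<ext>[a-z0-9]+)$", re.IGNORECASE)


@dataclass
class Verdict:
    filename: str
    real_ext: str              # the extension that decides how the file opens
    decoy_ext: Optional[str]   # a preceding extension a user may be shown instead
    defanged: bool             # a mail filter already neutralised the name
    risk: str                  # "data", "executable", "disguised-executable", "defanged"


def classify_attachment(filename: str) -> Verdict:
    name = filename.strip().strip('"')
    match = DEFANGED_RE.search(name)
    if match:
        defanged = True
        real_ext = match.group("ext").lower()
        visible = name[: match.start()]        # the name as it was before the filter
    else:
        defanged = "defanged" in name.lower()  # e.g. "DEFANGED.EXE": marker, no dash
        real_ext = ""
        visible = name
    exts = [p.lower() for p in visible.split(".")[1:]]
    if not real_ext:
        real_ext = exts[-1] if exts else ""
        decoy_ext = exts[-2] if len(exts) >= 2 else None
    else:
        decoy_ext = exts[-1] if exts else None
    if defanged:
        risk = "defanged"
    elif real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS:
        risk = "disguised-executable"
    elif real_ext in EXECUTABLE_EXTS:
        risk = "executable"
    else:
        risk = "data"
    return Verdict(filename, real_ext, decoy_ext, defanged, risk)


def suspicious(names) -> list:
    """Return the names from a directory listing that are not plain data."""
    return [n for n in names if classify_attachment(n).risk != "data"]


if __name__ == "__main__":
    # Constructed sample "dir" listing, including the names quoted in the thread.
    listing = [
        "brittneyspears.jpg.vbs", "brittneyspears.avi.exe", "freemem.vbs",
        "photo.jpg", "DEFANGED.EXE",
        "Fw VIRUS WARNING!!!!!!! Very Important Please Read.20338DEFANGED-eml",
    ]
    for n in listing:
        v = classify_attachment(n)
        print(f"{v.risk:22s} real={v.real_ext!r:8} decoy={v.decoy_ext!r:8} {n}")
```

The point of the split into `real_ext` and `decoy_ext` is the one reboot makes: a mail client that hides known extensions shows only the decoy, so the verdict has to be computed from the full name, never from what the GUI displays. A "defanged" verdict means the filter has already changed the name so the file will not run by double-click, which is why LawyerRon's attachment scanned clean.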

Jenni
06-02-2001, 12:12 PM
I was visiting Aopen's site about a week ago, and they had a warning on it about some of their "motherboard software bundles" shipping with a virus on them. This is the first time I think I have ever seen a CD with a virus.

Gintaras
06-02-2001, 02:20 PM
Originally posted by Jenni
This is the first time I think I have ever seen a CD with a virus.

Nope,
ALL AOHell CDs contain a virus: AOL

archie
06-03-2001, 12:23 AM
One thing about viruses is it's best to keep them away. For sure, CDs can have viruses!... just as much as a floppy containing drivers could. It is rare.
One thing I've always wondered is, by "thrashing your hard drive", what exactly does that mean? I've seen viruses rename files and wipe out a boot sector, but aside from that, not very much. It almost sounds like the hard drive could never be reused after. Is that even possible?

MadMax
06-03-2001, 01:40 PM
I've always thought of "thrashing your hard drive" as crippling the operating system. No virus or trojan can physically harm hardware, although you could make a case for the BIOS: malware that simulates a bad BIOS flash, rendering the motherboard unusable (until the EEPROM is replaced). When it comes to the hard drive, a clean floppy boot followed by fdisk will cure what ails ya.