Re: [NTLK] Bizarre Dongle !

From: Murray, Tom (TMurray_at_usequities.com)
Date: Fri Oct 11 2002 - 23:23:03 EDT


This used to be the case, but now with the Windows Scripting Host .scr files
are "script" files. This is the problem, when you double-click on a .scr
file it will run the "executable" script which is what infects the system.
This is why most companies are trying to remove the Windows Scripting Host
to avoid this problem. The .scr files are much like batch files (.bat) and
Visual Basic scripts (.vbs) all of which are real nasties and can (in the
wrong hands) majorly screw up your PC's.

-----Original Message-----
From: Nicholas Gillock
To: newtontalk_at_newtontalk.net
Sent: 10/11/02 10:49 AM
Subject: Re: [NTLK] Bizarre Dongle !

Just FYI, ".scr" files are generally screen saver files on the PC. And
all a screen saver is on a pc, is an ".exe" (executable) file that has
had it's extension changed to ".scr". There are very few differences
between the few.

-----Original Message-----
From: newtontalk-bounce_at_newtontalk.net
[mailto:newtontalk-bounce_at_newtontalk.net] On Behalf Of Neil Brown
Sent: Friday, October 11, 2002 8:08 AM
To: newtontalk_at_newtontalk.net
Subject: Re: [NTLK] Bizarre Dongle !

Unfortunately you are wrong. The klez CANNOT propogate on a mac. the
scr file is a script file which does not execute on a mac. Klez uses a
weakness in outlook and windows messaging on PC as in intel windows
boxes.

Your message is confusing since you refer to both mac and Pc machines.
An up to date norton which is scanning email does not send a copy out!

On you mac you may have a saved attachment which is the scr file. Your
no name text file is not anything to do with klez. Klez files have
names and are not hidden.

  I have to wonder what these files were (probably some temp file
created by the outlook or another program) but NO virus sends files
this size otherwise it would cause the message to reject on almost
every email server on the net (message size limits are usually in the
3-6MB size) and what good would that be!

I might sugget a trip to Symantecs antivirus page for the Mac if you
want to read more....

Neil

On Friday, October 11, 2002, at 05:47 AM, Woo Lee wrote:

>
>
> ------------------
>> ??? What's all this? I take it Klez is some sort of virus?
>
> Yup, a 'mass-mailing' worm.
> ------------------
>> And what is a ".scr" file (I've never seen one.)?
>
> ".scr"=3D 'script file' and ".pif"=3D Program Information File' are
> sent =
> to execute on MS' Outlook and Outlook Express.
> ------------------
>> Are you really saying that there's now
>> a virus that can infect a Mac via e-mail? And if so, what OS?
>>
>> - Eric.
>
> What happened is Virex missed these worms(on my Win.98SE Norton =
> quarantined W32.Klez.H_at_mm virus, but it still sent a copy out) since
> the =
> virus scanner was up-to-date and configured to scan email. As I =
> opened(clicked) the email, it setup a hidden text file, had to use
> 'Unhide =
> tools' to find the text files. Using the finder to get info. on the =
> unknown file, there was no name, just a 'text' file, 107-147 MB. size.

> =
> Using the desktop Virex drop-scan, the scanner froze, had to force
> quit. =
> The dialog box said 'scanning unknown file'. The files on the Mac are

> =
> fine, but those 'text files' were hiding on the Mac and sending copies

> on =
> the second and fourth Friday of the month. At least I was able to
> unhide =
> and delete the 'text files'.
> D'oh, Daniel's computer sent me a 67KB. file with '.exe.pif'
> extensions, =
> at least I checked with my Newt. first, :-)
> ------------------
>
> !ooW
> Pres. of Los Angeles Newton Users Group.
>
>
> --
> Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html
> Read the Newton FAQ: http://www.chuma.org/newton/faq/
> This is the NewtonTalk mailing list - http://www.newtontalk.net/
>

-- 
Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html
Read the Newton FAQ: http://www.chuma.org/newton/faq/
This is the NewtonTalk mailing list - http://www.newtontalk.net/

-- Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html Read the Newton FAQ: http://www.chuma.org/newton/faq/ This is the NewtonTalk mailing list - http://www.newtontalk.net/

-- Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html Read the Newton FAQ: http://www.chuma.org/newton/faq/ This is the NewtonTalk mailing list - http://www.newtontalk.net/



This archive was generated by hypermail 2.1.2 : Thu Oct 31 2002 - 12:02:35 EST