Guest Scott
Posted March 13, 2009

Twice in the last ten days I have been the subject of a virus attack from perceived safe websites. I invite comments on if this is a correct assessment.

Details.

Attack 1. (March 12)

On the website http://netscape.aol.com at the top of the page, I clicked on the link "Get Winamp toolbar".
The browser indicated that I saved to disk one file called "toolbar.exe". I ran this file and got this unexpected warning: Ad Watch Live Alerts (I have this Ad Aware program) stopped process ns70.tmp (3932) because it identified it as Win32.Trojan.Agent. The Winamp toolbar did install. Scans by Spybot and AVG Free did not detect any infection.

Is Win XP supposed to execute .tmp files?

Attack 2. (March 3)

I received an email from a person I had not heard from in 4+ years. It had the characteristics of a virus attack: (1) it appears it was sent to everyone in the address book, (2) and addressed to "Whom it may concern..."
It contained the following link:
http://rapidshare.com/files/203380183/load_m3_01.exe
It was sent from this person's Yahoo Mail account to my Yahoo Mail account. I thought Yahoo had protections against this kind of thing. I have not heard back from this person about my inquiry about this.

Does anyone know what this exe file is or does?
If I'm on a user account and click on it, will the user account protect me from this exe?

Thanks
Scott
Los Angeles

Guest Peter Foldes
Posted March 13, 2009

Was kind of dumb to post that link with your issue. Especially if it is an .exe link

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Scott" <scott@adelphia.net> wrote in message news:ulSuwwCpJHA.1172@TK2MSFTNGP04.phx.gbl...
> Twice in the last ten days I have been the subject of a virus attack from perceived safe websites. I invite comments on if this is a correct assessment.
>
> Details.
>
> Attack 1. (March 12)
>
> On the website http://netscape.aol.com at the top of the page, I clicked on the link "Get Winamp toolbar".
> The browser indicated that I saved to disk one file called "toolbar.exe". I ran this file and got this unexpected warning: Ad Watch Live Alerts (I have this Ad Aware program) stopped process ns70.tmp (3932) because it identified it as Win32.Trojan.Agent. The Winamp toolbar did install. Scans by Spybot and AVG Free did not detect any infection.
>
> Is Win XP supposed to execute .tmp files?
>
> Attack 2. (March 3)
>
> I received an email from a person I had not heard from in 4+ years. It had the characteristics of a virus attack: (1) it appears it was sent to everyone in the address book, (2) and addressed to "Whom it may concern..."
> It contained the following link:
> It was sent from this person's Yahoo Mail account to my Yahoo Mail account. I thought Yahoo had protections against this kind of thing. I have not heard back from this person about my inquiry about this.
>
> Does anyone know what this exe file is or does?
> If I'm on a user account and click on it, will the user account protect me from this exe?
>
> Thanks
> Scott
> Los Angeles

Guest Scott
Posted March 13, 2009

Why?

Scott
Los Angeles

"Peter Foldes" <okf122@hotmail.com> wrote in message news:%23p9Bv0CpJHA.6132@TK2MSFTNGP06.phx.gbl...
> Was kind of dumb to post that link with your issue. Especially if it is an .exe link
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.

Guest FromTheRafters
Posted March 13, 2009

"Scott" <scott@adelphia.net> wrote in message news:ulSuwwCpJHA.1172@TK2MSFTNGP04.phx.gbl...
> Twice in the last ten days I have been the subject of a virus attack from perceived safe websites. I invite comments on if this is a correct assessment.
>
> Details.
>
> Attack 1. (March 12)
>
> On the website http://netscape.aol.com at the top of the page, I clicked on the link "Get Winamp toolbar".
> The browser indicated that I saved to disk one file called "toolbar.exe". I ran this file and got this unexpected warning: Ad Watch Live Alerts (I have this Ad Aware program) stopped process ns70.tmp (3932) because it identified it as Win32.Trojan.Agent. The Winamp toolbar did install. Scans by Spybot and AVG Free did not detect any infection.
>
> Is Win XP supposed to execute .tmp files?
>
> Attack 2. (March 3)
>
> I received an email from a person I had not heard from in 4+ years. It had the characteristics of a virus attack: (1) it appears it was sent to everyone in the address book, (2) and addressed to "Whom it may concern..."
> It contained the following link:
> http://rapidshare.com/files/203380183/load_m3_01.exe

So the first attack (we'll call this attack #2) came after the second one (we'll call attack #1)?

> It was sent from this person's Yahoo Mail account to my Yahoo Mail account. I thought Yahoo had protections against this kind of thing. I have not heard back from this person about my inquiry about this.
>
> Does anyone know what this exe file is or does?

I got this...

"This file is suspected to contain illegal content and has been blocked. After the file has been blocked for 7 days it will automatically be deleted, if the block is not removed by RapidShare. For this reason, a download of this file is currently not possible."

...from the html document that that URL points me to.

Smells like malware huh?

> If I'm on a user account and click on it, will the user account protect me from this exe?

No. The limited user idea is to protect the rest of the system (and other users) from you if you fall for a trojan. No matter what kind of "protection" you have - it is still not a good idea to execute malware.

The adware "attack" was just you trying to install ad supported software I think. The latter looks like an e-mail vector clickworm. Good thing you didn't run it.

Guest Scott
Posted March 13, 2009

Thank you very much for taking the time to investigate and respond. I was considering the idea of experimenting with this but I guess the safest course is just to move on.

Scott
Los Angeles

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:uyxZEODpJHA.3896@TK2MSFTNGP04.phx.gbl...
> "Scott" <scott@adelphia.net> wrote in message news:ulSuwwCpJHA.1172@TK2MSFTNGP04.phx.gbl...
>> Twice in the last ten days I have been the subject of a virus attack from perceived safe websites. I invite comments on if this is a correct assessment.
>>
>> Details.
>>
>> Attack 1. (March 12)
>>
>> On the website http://netscape.aol.com at the top of the page, I clicked on the link "Get Winamp toolbar".
>> The browser indicated that I saved to disk one file called "toolbar.exe". I ran this file and got this unexpected warning: Ad Watch Live Alerts (I have this Ad Aware program) stopped process ns70.tmp (3932) because it identified it as Win32.Trojan.Agent. The Winamp toolbar did install. Scans by Spybot and AVG Free did not detect any infection.
>>
>> Is Win XP supposed to execute .tmp files?
>>
>> Attack 2. (March 3)
>>
>> I received an email from a person I had not heard from in 4+ years. It had the characteristics of a virus attack: (1) it appears it was sent to everyone in the address book, (2) and addressed to "Whom it may concern..."
>> It contained the following link:
>> http://rapidshare.com/files/203380183/load_m3_01.exe
>
> So the first attack (we'll call this attack #2) came after the second one (we'll call attack #1)?
>
>> It was sent from this person's Yahoo Mail account to my Yahoo Mail account. I thought Yahoo had protections against this kind of thing. I have not heard back from this person about my inquiry about this.
>>
>> Does anyone know what this exe file is or does?
>
> I got this...
>
> "This file is suspected to contain illegal content and has been blocked. After the file has been blocked for 7 days it will automatically be deleted, if the block is not removed by RapidShare. For this reason, a download of this file is currently not possible."
>
> ...from the html document that that URL points me to.
>
> Smells like malware huh?
>
>> If I'm on a user account and click on it, will the user account protect me from this exe?
>
> No. The limited user idea is to protect the rest of the system (and other users) from you if you fall for a trojan. No matter what kind of "protection" you have - it is still not a good idea to execute malware.
>
> The adware "attack" was just you trying to install ad supported software I think. The latter looks like an e-mail vector clickworm. Good thing you didn't run it.

Guest David H. Lipman
Posted March 14, 2009

From: "Scott" <scott@adelphia.net>

| Why?

| Scott
| Los Angeles

If it is malicious you may infect others.
Always obfuscate possibly malicious URLs such that they are no longer clickable.

Such as...
h p://rapidshare.com/files/203380183/load_m3_01.exe
and
hxxp://rapidshare.com/files/203380183/load_m3_01.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

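The obfuscation advice in the post above, as an added example that is not part of the original thread: a small Python helper that defangs every URL in a piece of text before it is posted and checks that nothing clickable remains. The `hxxp` form comes from the post; the `hxxps` and `fxp` schemes, the bracketed `[.]` dots, the function names and the sample text are assumptions made for this example.

```python
import re

# Scheme-prefixed URL: (scheme)://(authority)(path, query, fragment)
_LIVE = re.compile(r'\b(https?|ftp)://([^\s/?#<>"\']+)([^\s<>"\']*)', re.IGNORECASE)
# The defanged form produced by defang() below
_DEAD = re.compile(r'\b(hxxps?|fxp)://([^\s/?#<>"\']+)', re.IGNORECASE)

# hxxp is the form shown in the thread; hxxps and fxp are assumed analogues.
_TO_DEAD = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
_TO_LIVE = {dead: live for live, dead in _TO_DEAD.items()}


def defang(text: str) -> str:
    """Rewrite each URL so forum and mail software will not auto-link it."""
    def _one(m: re.Match) -> str:
        scheme = _TO_DEAD[m.group(1).lower()]
        host = m.group(2).replace(".", "[.]")  # bracketed dots: assumed convention
        return f"{scheme}://{host}{m.group(3)}"
    return _LIVE.sub(_one, text)


def refang(text: str) -> str:
    """Restore defanged URLs, for an analyst working in an isolated lab."""
    def _one(m: re.Match) -> str:
        scheme = _TO_LIVE[m.group(1).lower()]
        return f"{scheme}://{m.group(2).replace('[.]', '.')}"
    return _DEAD.sub(_one, text)


def has_live_url(text: str) -> bool:
    """Pre-post check: True if the text still contains a clickable URL."""
    return _LIVE.search(text) is not None


# Constructed sample report (example.com is a reserved documentation domain).
SAMPLE = "Got this link by mail: http://files.example.com/dl/sample_01.exe - safe?"

if __name__ == "__main__":
    safe = defang(SAMPLE)
    print(safe)
    print("still clickable:", has_live_url(safe))
```
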