
(rshsdepot) OT: mobeus virus <AKA hi.dat> (formerly Re: (rshs depot) also...)



Ha...let me tell you a funny virus related subject..


My anti-virus software said it found and healed a virus it called "Warning:
hidden extension..dat" and it was in a specific folder inside another folder
inside Temporary Internet Files folder.


OK, it found it every day and I realized that if I scanned for viruses,
complete scan one after another, it still always said it found the same file
and healed it.

Oddly, even though I hide no files, there were no files after I deleted the
Temporary Internet Files. But it kept showing up....Like a Möbius strip
virus..
Except there seemed no adverse conditions and there seemed to be no file
there; it would be found and supposedly healed time after time.

Why the folders don't show up in the Temporary Internet Files folder is odd,
they are there in Explorer..
Finally I thought it is Temporary so from Explorer I deleted that empty
folder.

And 1,997 separate "objects" or files were then in the Recycle Bin.


The kicker was the file's name: this DAT file's name was.."hi" ... hi.dat

a simple <hi>

Try searching for that on the internet, a virus with a name of "hi"...good
luck..

It has disappeared and I have no idea at all what it actually was...I do
know that many of those deleted but before deleting invisible files were
headers from RSHS mail, any attachment I sent someone...whatever it wasn't
large for 1,996 files, only 2.9 MB. I would recommend that anyone with
Windows, at least the old ones, go to Explorer, find the Temporary Internet
Files, and when you see a folder called IE.5, inside this are folders with
long strings of letters and numbers. You will see nothing inside these
folders, but I recommend you delete them; they are just temporary junk that
stays there in a ghost header if not a usable file, plus you'll pick up a
good 10 MB of space.

Paul
----- Original Message -----
From: "Gary LaPointe" <sglap3_@_lightlink.com>
To: <rshsdepot_@_lists.railfan.net>
Sent: Monday, January 27, 2003 5:21 PM
Subject: Re: (rshsdepot) also...


> Thanks.  This has almost become more of a pain than it is worth.  I
> appreciate your reply.
>
> GL
>
>
>
> ----- Original Message -----
> From: "Andy Ingraham Dwyer" <adwyer_@_io.com>
> To: "Gary LaPointe" <sglap3_@_lightlink.com>; <rshsdepot@lists.railfan.net>
> Sent: Monday, January 27, 2003 4:48 PM
> Subject: Re: (rshsdepot) also...
>
>
> > On Mon, 27 Jan 2003, Gary LaPointe wrote:
> >
> > > Also:  At the same time, I ran a virus scan on my computer and found
> > > nothing, so who knows?  Sorry!  Maybe you should check anyway.
> > >
> > > GL
> >
> >
> > It's a hoax.  If you search in Google on [jdbgmgr.exe and virus], you'll
> > get links back to the websites of most of the major Anti-Virus software
> > vendors (Symantec, McAfee, etc.) like this one:
> >
> > http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html
> >
> >
> > Important details:
> >
> > "The file that the hoax refers to, Jdbgmgr.exe, is the Microsoft Debugger
> > Registrar for Java. It may be installed when you install Windows."
> >
> > "If you have already deleted the Jdbgmgr.exe file, in most cases, you do
> > not have to reinstall it."
> >
> > "CAUTION: Jdbgmgr.exe, like any file, can become infected by a virus. One
> > virus in particular, W32.Efortune.31384@mm, targets this file. Norton
> > AntiVirus has provided protection against W32.Efortune.31384@mm since May
> > 11, 2001."
> >
> >
> >
> > In general, take anything that is forwarded to you in email with a grain
> > of salt.  Items that *demand* to be forwarded are even more suspect.  Do a
> > little bit of research on a search engine first.
> >
> >
> > -Andy
> >
> > =================================
> > The Railroad Station Historical Society maintains a database of existing
> > railroad structures at: http://www.rrshs.org
> >
>
