Virus apparently in a .txt file
Thread poster: Oliver Walter
Oliver Walter
Oliver Walter  Identity Verified
United Kingdom
Local time: 05:49
German to English
Jan 22, 2006

This was an attempt to infect my PC with a virus by sending what looked like a file called document.txt:


1. I received an email that appeared to be from an email address containing the word "etranslate", so I was only 99% sure that it was a malicious email, not 100%.

2. The email's subject was "your day"; it contained the message "Congratulations!, your best friend" and an attachment called postcard.zip. Suspicion now 99.9%.

3. I saved the attachment as a disk file (not dangerous even if it contains a virus) and opened it with WinZip.

4. It appeared to contain a file called document.txt, so I thought I would see what it contained by dragging it from the WinZip window to the Notepad icon on my desktop. I deliberately did not try to open it by double-clicking because I wanted to be sure that it would be opened by Notepad.

5. However, at that point I received an error message from Notepad saying that I did not have permission to open a file called
C:\windows\temp\docume~1.exe

6. I also got a message from my virus detector (AVG free edition, not set up to monitor incoming email) saying it had detected the netsky.Q virus. Suspicion confirmed.

7. Instead of deleting the file at that point, I returned to WinZip and noticed that the filename was displayed as
document.txt ...
(including nearly invisible dots). So I widened the "name" column and found that the file's real name was

document.txt                 .exe

(i.e. with lots of spaces before ".exe").
This is one consequence of the fact that "long file names" in Windows can contain spaces. In earlier operating systems, the space character was invalid in file names. You adjust the name column the same way as in Windows Explorer: drag the boundary of the column header or just double-click on it.

8. Slight mystery entirely solved. It wasn't a harmless text file; it was a very harmful executable (i.e. program) file. My action: delete the saved attachment and the email.

9. I hope this is a little education for some of you (and the others already knew this method.)

Oliver

[Edited at 2006-01-22 21:43]



 
Fernando Toledo
Fernando Toledo  Identity Verified
Spain
Local time: 06:49
German to Spanish
Woww! Jan 22, 2006

Oliver Walter wrote:
document.txt .exe

(i.e. with lots of spaces before ".exe").
This is one consequence of the fact that "long file names" in Windows can contain spaces



I must say, it is a good idea

Thanks for the advice

I always double-click text files, thinking it is impossible to be infected that way.


 
Robert Zawadzki (X)
Robert Zawadzki (X)  Identity Verified
Local time: 06:49
English to Polish
This was an .exe , not .txt file Jan 23, 2006

It's the last part of a name (after the last dot, the extension) that determines file type. The trick with spaces was meant to hide this, and make you think it's a .txt file, that cannot be infected.

[Edited at 2006-01-23 08:44]
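
Added example (not part of the original thread): a Python check that reads only the member names of a ZIP archive and flags names like the one described above, where whitespace padding or a decoy extension hides the real extension after the last dot. The extension lists, the padding threshold of three spaces and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Illustrative subsets (assumptions, not a complete list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".htm"}
PADDING = re.compile(r"\s{3,}")  # whitespace run long enough to push text out of view

def split_name(name):
    """Split a member name into (stem, extension) at the LAST dot."""
    # Drop any folder part; Windows also ignores trailing spaces and dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    dot = base.rfind(".")
    if dot <= 0:
        return base, ""
    return base[:dot], base[dot:].lower()

def inspect_name(name):
    """Return the reasons a name is deceptive; an empty list means nothing found."""
    stem, ext = split_name(name)
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if PADDING.search(stem):
        reasons.append("whitespace padding before real extension " + ext)
    if split_name(stem)[1] in DECOY_EXTS:
        reasons.append("decoy extension shown before real extension " + ext)
    return reasons

def scan_zip(data):
    """Check every member name of a ZIP held in memory; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        checked = {info.filename: inspect_name(info.filename) for info in zf.infolist()}
    return {name: why for name, why in checked.items() if why}

def build_sample():
    """Constructed test archive; members hold placeholder bytes, not programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt" + " " * 60 + ".exe", b"placeholder")  # 60 is arbitrary
        zf.writestr("photo.jpg.scr", b"placeholder")
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, why in scan_zip(build_sample()).items():
        print(repr(name), "->", "; ".join(why))
```

Printing each name with repr() makes the padding visible instead of relying on a column width, which is what hid the extension in the archive viewer.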


 
Fernando Toledo
Fernando Toledo  Identity Verified
Spain
Local time: 06:49
German to Spanish
yes Jan 23, 2006

Robert Zawadzki wrote:

It's the last part of a name (after the last dot, the extension) that determines file type. The trick with spaces was meant to hide this, and make you think it's a .txt file, that cannot be infected.

[Edited at 2006-01-23 08:44]


Everybody understood it, we are no children


 
Robert Zawadzki (X)
Robert Zawadzki (X)  Identity Verified
Local time: 06:49
English to Polish
But it was a .txt in a post header... Jan 23, 2006

I just wanted everything to be 100% clear. I thought about not posting anything at all, but I decided it will not hurt - it may help someone else reading this thread.

 
Oliver Walter
Oliver Walter  Identity Verified
United Kingdom
Local time: 05:49
German to English
TOPIC STARTER
I already said it Jan 23, 2006

Robert Zawadzki wrote:
I just wanted everything to be 100% clear. I thought about not posting anything at all, but I decided it will not hurt - it may help someone else reading this thread.

You may be right, but (a) I thought I had already made that point clear in point 8 of my posting, and (b) my original heading said "apparently", meaning that it appeared to be in a .txt file, although it was in fact something else.
Anyway, you may also have done some good, simply by provoking a discussion. I suggest that a conclusion from this kind of experience is: Treat EVERY email that you receive as potentially harmful, until and unless you have a good reason to believe that it is legitimate. I know, the difficult thing can be how to decide what is a good reason to trust an email....
Oliver


 

