Virus apparently in a .txt file
Thread poster: Oliver Walter

Oliver Walter  Identity Verified
United Kingdom
Local time: 21:32
Member (2005)
German to English
+ ...
Jan 22, 2006

This was an attempt to infect my PC with a virus by sending what looked like a file called document.txt:


1. I received an email that appeared to be from an email address containing the word "etranslate", so I was only 99% sure that it was malicious email, not 100%.

2. The email's subject was "your day"; it contained the message "Congratulations!, your best friend" and an attachment called postcard.zip. Suspicion now 99.9%.

3. I saved the attachment as a disk file (not dangerous even if it contains a virus) and opened it with WinZip.

4. It appeared to contain a file called document.txt, so I thought I would see what it contained by dragging it from the WinZip window to the Notepad icon on my desktop. I deliberately did not try to open it by double-clicking because I wanted to be sure that it would be opened by Notepad.

5. However, at that point I received an error message from Notepad saying that I did not have permission to open a file called
C:\windows\temp\docume~1.exe

6. I also got a message from my virus detector (AVG free edition, not set up to monitor incoming email) saying it had detected the netsky.Q virus. Suspicion confirmed.

7. Instead of deleting the file at that point, I returned to WinZip and noticed that the filename was displayed as
document.txt ...
(including nearly invisible dots). So I widened the "name" column and found that the file's real name was

document.txt                 .exe

(i.e. with lots of spaces before ".exe").
This is one consequence of the fact that "long file names" in Windows can contain spaces. In earlier operating systems, the space character was invalid in file names. You adjust the name column the same way as in Windows Explorer: drag the boundary of the column header or just double-click on it.

8. Slight mystery entirely solved. It wasn't a harmless text file; it was a very harmfull executable (i.e. program) file. My action: delete the saved attachment and the email.

9. I hope this is a little education for some of you (and the others already knew this method.)

Oliver

[Edited at 2006-01-22 21:43]

[Edited at 2006-01-22 21:43]


Direct link Reply with quote
 

Fernando Toledo  Identity Verified
Germany
Local time: 22:32
German to Spanish
Woww! Jan 22, 2006

Oliver Walter wrote:
document.txt .exe

(i.e. with lots of spaces before ".exe").
This is one consequence of the fact that "long file names" in Windows can contain spaces



I must say, it is a good idea

Thks for the advice

I always 2xclic text files, thinking it is impossible to be infected that way.


Direct link Reply with quote
 
Robert Zawadzki  Identity Verified
Local time: 22:32
English to Polish
+ ...
This was an .exe , not .txt file Jan 23, 2006

It's the last part of a name (after the last dot, the extension) that determines file type. The trick with spaces was meant to hide this, and make you think it's a .txt file, that cannot be infected.

[Edited at 2006-01-23 08:44]


Direct link Reply with quote
 

Fernando Toledo  Identity Verified
Germany
Local time: 22:32
German to Spanish
yes Jan 23, 2006

Robert Zawadzki wrote:

It's the last part of a name (after the last dot, the extension) that determines file type. The trick with spaces was meant to hide this, and make you think it's a .txt file, that cannot be infected.

[Edited at 2006-01-23 08:44]


Everybody understood it, we are no children


Direct link Reply with quote
 
Robert Zawadzki  Identity Verified
Local time: 22:32
English to Polish
+ ...
But it was a .txt in a post header... Jan 23, 2006

I just wanted everything to be 100% clear. I thought about not posting anything at all, but I decided it will not hurt - it may help somone else reading this thread.

Direct link Reply with quote
 

Oliver Walter  Identity Verified
United Kingdom
Local time: 21:32
Member (2005)
German to English
+ ...
TOPIC STARTER
I already said it Jan 23, 2006

Robert Zawadzki wrote:
I just wanted everything to be 100% clear. I thought about not posting anything at all, but I decided it will not hurt - it may help somone else reading this thread.

You may be right, but (a) I thought I had already made that point clear in point 8 of my posting, and (b) my original heading said "apparently", meaning that it appeared to be in a .txt file, although it was in fact something else.
Anyway, you may also have done some good, simply by provoking a discussion. I suggest that a conclusion from this kind of experience is: Treat EVERY email that you receive as potentially harmfull, until and unless you have a good reason to believe that it is legitimate. I know, the difficult thing can be how to decide what is a good reason to trust an email....
Oliver


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Virus apparently in a .txt file

Advanced search






SDL MultiTerm 2017
Guarantee a unified, consistent and high-quality translation with terminology software by the industry leaders.

SDL MultiTerm 2017 allows translators to create one central location to store and manage multilingual terminology, and with SDL MultiTerm Extract 2017 you can automatically create term lists from your existing documentation to save time.

More info »
memoQ translator pro
Kilgray's memoQ is the world's fastest developing integrated localization & translation environment rendering you more productive and efficient.

With our advanced file filters, unlimited language and advanced file support, memoQ translator pro has been designed for translators and reviewers who work on their own, with other translators or in team-based translation projects.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search