Page 2 of 8 FirstFirst 1234 ... LastLast
Results 16 to 30 of 120
  1. #16
    New Lounger
    Join Date
    Jun 2011
    Posts
    2
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I have a dual boot machine with WIndows 7 & Windows 8, each on a separate hard drive. In Windows 8 machine, if I try to open an Excel file on Win 7 hard disk I get "Excel cannot open the file [filename] because the file format or file extension is not valid," which seems to suggest that the virus is on the machine. However, if I copy the file over to Win 8 machine then there is no problem opening it! I can open all Office files that are on the Win 8 hard disk but none that are on Win 7 disk.

    On Win 7 there is no problem opening any Office file on either hard disk.

    so, is the virus on my machine or not?

    I have run the Microsoft Safety Scanner on both machines and it came up with nothing!

    I am beginning to wonder if the blog's claim "This problem has been confirmed to be caused by malware on the affected machine" is a lot of nonsense.
    Last edited by dmkg; 2013-10-24 at 09:55.

  2. #17
    New Lounger
    Join Date
    Oct 2013
    Posts
    21
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by dmkg View Post
    In Windows 8 machine, if I try to open an Excel file on Win 7 hard disk I get "Excel cannot open the file [filename] because the file format or file extension is not valid," which seems to suggest that the virus is on the machine. However, if I copy the file over to Win 8 machine then there is no problem opening it! I can open all Office files that are on the Win 8 hard disk but none that are on Win 7 disk. On Win 7 there is no problem opening any Office file on either hard disk.
    What reason is there to think that this is a CryptoLocker issue? If files had been locked by CryptoLocker you wouldn't be able to open them from anywhere... IMO it is more likely to be something a bit wrong (not necessarily virus-related) with the Windows 8 setup, or with the format of the Windows 7 hard disk.

  3. #18
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    @ SF99, #14:

    Sucuri website=scareware tactics
    Free Website Malware ScannerSucuri SiteCheck API

    Sitecheck Results
    Website details
    Blacklisting status

    Blacklist status
    Domain blacklisted by SiteAdvisor (McAfee): foolishit.com - reference
    Domain clean by Google Safe Browsing: foolishit.com - reference
    Domain clean by Norton Safe Web: foolishit.com - reference
    Domain clean on Phish tank: foolishit.com - reference
    Domain clean on the Opera browser: foolishit.com - reference
    Domain clean by the Sucuri Malware Labs blacklist: foolishit.com - reference
    Domain clean on Yandex (via Sophos): foolishit.com - reference
    Domain clean by ESET: foolishit.com - reference

    Worried about malware or getting blacklisted? Sign up and be at ease. Check out our monitoring & cleanup packages.
    They have a product to sell (which rates foolishIT.com as clean).

    McAfee Site Adviser - is that even still operational? When it was, you would be lucky to find any scan results newer than 6 months old = useless!

    http://www.urlvoid.com/scan/foolishit.com/ = checked by close to 30 sites = clean.

    http://www.google.com/safebrowsing/d....foolishit.com = not suspicious.

  4. #19
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Quote Originally Posted by Dominicf View Post
    What reason is there to think that this is a CryptoLocker issue? If files had been locked by CryptoLocker you wouldn't be able to open them from anywhere... IMO it is more likely to be something a bit wrong (not necessarily virus-related) with the Windows 8 setup, or with the format of the Windows 7 hard disk.
    Or a permissions issue wrongly interpreted by Excel, sure doesn't feel like CryptoLocker.

  5. #20
    Lounger
    Join Date
    Dec 2009
    Location
    New Jersey USA
    Posts
    25
    Thanks
    0
    Thanked 3 Times in 2 Posts

    Question How does the simple act of opening a ZIP file (i.e. the attachment) launch a Virus ??

    The top of the article Susan's wrote that the #1 way to get this virus is:

    1) Via an email attachment. For example, you receive an email from a shipping company you do business with. Attached to the email is a .zip file. Opening the attachment launches a virus...

    Question: How does the simple act of opening a ZIP file (i.e. the attachment) launch a Virus ????
    Last edited by JohnReam; 2013-10-24 at 10:51.

  6. #21
    New Lounger
    Join Date
    Oct 2013
    Posts
    21
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by JohnReam View Post
    Question: How does the simple act of opening a ZIP file (i.e. the attachment) launch a Virus ????
    Good point, I don't think it does? However an exe file may be disguised as a zip file i.e. named Mydata.zip.exe and in some email programs or with some Windows setting you may just see Mydata.zip?

  7. #22
    Lounger
    Join Date
    Dec 2011
    Posts
    47
    Thanks
    48
    Thanked 1 Time in 1 Post
    @ Satrow
    Yes, I agree with you.
    McAfee reports should be banned from VirusTotal...

    I suspect McAfee has its own "agenda".
    Labeling that web site as: HIJACKED ,
    when and if it is not - is highly irresponsible.

    But the 2nd link you included in your post (Google Web Site Checker),
    it reports:

    "Has this site hosted malware?
    Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including... ". (???)

    Check it out...
    http://www.google.com/safebrowsing/d....foolishit.com
    Last edited by SF99; 2013-10-24 at 10:57.

  8. #23
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by Dominicf View Post
    CryptoPrevent (currently at v2.2) seems like a very simple (to use) and elegant preventative solution - and free. Has anyone used this with success? Shame that he doesn't provide a md5sum to verify the download...

    Re taking frequent backups, isn't there a danger that a backup will happen while CryptoLocker is doing its nasty work, so you end up overwriting a previous good backup with locked versions of some of your files?

    I heard that some antivirus software does spot and delete CryptoLocker-infected emails, others have been infected despite having av software (including Avast, which I use).
    I don't overwrite or append data backups. I add new copies until about a month, or until the older backups become obsolete. Then I delete the oldest copies first.
    -- Bob Primak --

  9. #24
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by Dominicf View Post
    Good point, I don't think it does? However an exe file may be disguised as a zip file i.e. named Mydata.zip.exe and in some email programs or with some Windows setting you may just see Mydata.zip?
    Ever hear of a self-executing ZIP file? If not, read up on it. They've been around for awhile.
    -- Bob Primak --

  10. #25
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by satrow View Post
    Or a permissions issue wrongly interpreted by Excel, sure doesn't feel like CryptoLocker.
    Or an Ownership issue. I run into these when trying to access user-owned data files from across partitions or disks or machines.
    -- Bob Primak --

  11. #26
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by zwayne View Post
    The local security policy change as mentioned in the article is way too problematic. Many legitimate programs use local and roaming appdata locations for executables, including lots of Google programs (such as chrome and numerous update files). I certainly don't see "folks with solid IT savvy" doing either this or "application whitelisting" for themselves. For corporate environments, of course, whitelisting or locked-down desktops may be appropriate...
    Well, that's just bad program design. Linux doesn't generally do this sort of thing, so it's not necessary.

    And that Avast Browser Cleanup module is a system performance killer, and nothing in it does a better job than the browser plugins Click & Clean or (for Firefox) Better Privacy, plus the built-in History cleanup tools. Follow up with CCleaner. Trouble is, most folks don't do brwoser cleanups often enough, as they rely on History instead of Bookmarks, and like to keep login cookies so as not to have to use a password manager.
    Last edited by bobprimak; 2013-10-24 at 11:24.
    -- Bob Primak --

  12. #27
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Quote Originally Posted by SF99 View Post
    But the 2nd link you included in your post (Google Web Site Checker),
    it reports:

    "Has this site hosted malware?
    Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including... ". (???)
    I did check it before posting; no infections caused, no second/third/fourth case recorded ...

    "the last time suspicious content was found on this site was on 2013-08-09" - I reckon by the follow-up visit the "suspicious" content had been given a clean bill of health = false positive, very common with heuristics (guesses).

  13. The Following User Says Thank You to satrow For This Useful Post:

    SF99 (2013-10-24)

  14. #28
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by jimrf View Post
    I think I may have had the virus because I was getting the Excel message. Luckily I rely on Libre Office and nothing I created was affected. Open Source is usually the solution. None of the extensions listed in the article are Libre Office extensions. Because of a problem with my sound system on Windows7 (I could not play music or watch HBOGO on Firefox and games had no music) I reformatted my computer. Different forums said I had a virus, but I could not find it using various programs. Everything is sort of back to normal. One of these days Adobe is going to realize Linux runs their servers and they should program things like Shockwave to work on Linux computers.
    Actually, LibreOffice users do use Microsoft Office formats. When you receive a file from someone, chances are better than three in four that they are providing a MS Office formatted file. LibreOffice can read and edit and write these formats. So there are ways Open Source programs can get your computer infected with this malware. It isn't difficult at all to imagine these scenarios.

    And LibreOffice is vulnerable to Java based attacks.
    -- Bob Primak --

  15. #29
    New Lounger
    Join Date
    Oct 2013
    Posts
    21
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by bobprimak View Post
    Ever hear of a self-executing ZIP file? If not, read up on it. They've been around for awhile.
    But not if they just have a .zip extension, because then your OS will pass them as a parameter to your installed 'unzip' application. I can't find info about 'self-executing' zip files but plenty about 'self-extracting' zip files - which I think will all have an executable extension such as '.exe'.

  16. #30
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by Dominicf View Post
    But not if they just have a .zip extension, because then your OS will pass them as a parameter to your installed 'unzip' application. I can't find info about 'self-executing' zip files but plenty about 'self-extracting' zip files - which I think will all have an executable extension such as '.exe'.
    Yeah, self-extracting ZIP files. But upon extraction, an auto-run might possibly become active. Not sure this is possible, but apparently it has happened.
    -- Bob Primak --

Page 2 of 8 FirstFirst 1234 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •