Can a .GIF contain a virus?

  • Thread starter: tjwatkins
Huh?

arin.net will tell you where a given IP address is located
(geographically). It has nothing to do with message ID numbers in
e-mail.

There was one of those ISP numbers (I forget the correct name for
them). I put it in Arin, was told it's invalid!

For the past month or two, much stock P&D spam is being sent as a
single attached image file - no text at all in the message body.
Total message size ranges from 25k to 50k. That's what you probably
got.

Very likely, I keep getting all kinds of "stock" spam lately.

They are sent as .GIF attachments (as opposed to JPG) because text is
better rendered as an image if it's converted to GIF format. Also
results in a smaller file size.

Yep, 256 colors max.
 
There was one of those ISP numbers (I forget the correct name
for them).

The IP address of the source of an e-mail will be contained in the
first received line of the header, like this:

Return-Path: <[email protected]>
Received: from xlgggby ([210.82.32.47]) by (your SMTP server)
with SMTP id AAA246 for <[email protected]>;
Fri, 14 Jul 2006 03:32:28 -0400

The IP address in the above example is 210.82.32.47.

I put it in Arin, was told it's invalid!

You did not give Arin an IP address. You gave it something else, and
it told you what you gave it was invalid.
 
From: <[email protected]>

| Can a .GIF contain a virus?
|
| I was sent an email from someone I do not know. There was no text in
| it, just two .GIF files. The message ID number (using arin.net) was
| invalid. My email software does not view anything except plain text.
| HTML is viewed as text too. I have to manually open attachments too.
| Because of this, I was never exposed to any viruses or spyware.
| I deleted the message and the gifs, so it's gone.
|
| I used to feel safe opening pictures, but heard that some can now
| contain a virus. Can a .GIF contain one?
|
| Thanks
|
| TJ

I just received a sample named "UPX.GIF"

BitDefender 7.2 07.16.2006 Dropped:Trojan.Spy.HAKvip.A
DrWeb 4.33 07.15.2006 Trojan.PWS.Lineage
Kaspersky 4.0.2.24 07.16.2006 Trojan-Spy.Win32.Agent.nf
McAfee 4807 07.14.2006 Exploit-CodeBase.chm
Panda 9.0.0.4 07.15.2006 Suspicious file
VBA32 3.11.0 07.15.2006 suspected of Trojan-PSW.Lineage.3

It could be a file that was renamed to .GIF but I haven't really looked at its contents to
know for sure.
 

It's not a GIF file, David. It has the header of a CHM file. There's a
compressed (and encrypted?) EXE "inside it" that Kaspersky identifies
as SCHOVE.EXE. It's in this EXE file that KAV identifies
Trojan-Spy.Win32.Agent.nf.

I guess the malware author is depending on that quirk in Win XP
where under certain conditions the OS will execute based on file
type rather than on file extension???

Thanks for sending me the sample. I don't see my JPG-SCAN proggy
detecting this kind of file since it seems the AV vendors are at
least starting to develop detection for it. We shall see.

Art
http://home.epix.net/~artnpeg
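
Added example, not code posted by anyone in this thread: a small triage check for the case described above, where a file named .GIF actually starts with a CHM header. It compares the extension with the leading magic bytes and, going one step beyond the thread, walks the GIF block structure to flag data appended after the trailer. The function names and sample bytes are constructed for illustration.

```python
import os

# Magic bytes: GIF87a/GIF89a = GIF, ITSF = compiled HTML Help (.chm), MZ = DOS/PE executable.
MAGIC = [(b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"ITSF", "chm"), (b"MZ", "exe")]

def sniff(data):  # type implied by the leading bytes, ignoring the file name
    return next((kind for magic, kind in MAGIC if data.startswith(magic)), "unknown")

def skip_sub_blocks(data, pos):  # skip length-prefixed sub-blocks up to the 0x00 terminator
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_end(data):  # walk the GIF blocks; return the offset just past the 0x3B trailer
    flags, pos = data[10], 13          # 6-byte signature + 7-byte screen descriptor
    if flags & 0x80:                   # global colour table present
        pos += 3 * (2 << (flags & 0x07))
    while True:
        block, pos = data[pos], pos + 1
        if block == 0x3B:              # trailer: end of the image stream
            return pos
        if block == 0x21:              # extension: label byte, then sub-blocks
            pos = skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:            # image: 9-byte descriptor, optional local table
            local, pos = data[pos + 8], pos + 9
            if local & 0x80:
                pos += 3 * (2 << (local & 0x07))
            pos = skip_sub_blocks(data, pos + 1)   # +1 skips the LZW minimum code size
        else:
            raise ValueError("unexpected block 0x%02x" % block)

def check_attachment(name, data):
    """Compare what the extension claims with what the bytes say."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    kind = sniff(data)
    if kind != ext:
        return "mismatch: named .%s, content is %s" % (ext, kind)
    if kind == "gif":
        try:
            extra = len(data) - gif_end(data)
        except (IndexError, ValueError):
            return "malformed gif"
        if extra:
            return "gif with %d trailing bytes" % extra
    return "ok"

# Constructed samples: a minimal 1x1 GIF and a stub that starts with the CHM magic.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
FAKE_GIF = b"ITSF" + bytes(20)
```

A clean result only means the bytes are structurally a GIF of the expected length; it says nothing about decoder bugs in the viewer that opens it.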
 
I got this from a friend but I'm a little leery if it contains malicious code. He is a programmer. One time he used my laptop and shortly it crashed. The link was sent by text and it's a video of a dog bouncing on a ball. Can someone check this URL if it contains one of those hidden file extensions?

http://i.imgur.com/nCPIg.gif

Thanks!
 