<mjvelloat_private> wrote: > I made the sad mistake of clicking on the link that Jay sent ... Clicking on the link to the EXE, per se, is not dangerous (well, unless you have some really wacky Email client or browser that automatically executes EXEs from URL-style links!). So long as you either cancelled or selected the "Save" option when IE gave you the "Would you like to open the file or save it to your computer?" prompt, you were safe. > ... to read more > and did get the virus. I don't think I am infected, as Norton did a full > scan when I rebooted and found the virus and quarantined it. But it was > found in an odd location (or at least I think so, but maybe not since I got > it from the link) > > Here is where it was: doc and settings\administrator\local\Temporary > Internet Files\Content IE5\RRLJFH08 My guess is that, even if you selected cancel, the whole file may have been "pre-fetched" by IE -- the EXE is only 5664 bytes and would transfer in just a few packets. If so, even though you cancelled the actual download, IE probably still caches it "just in case" you ever "revisit" the link. > Strange thing though, my admin ID showed a change made on the same date that > this happened. I checked the regedit keys and found no changes, how do I > know for sure that my computer has not been compromised? I did not execute > anything. If you had run this thing, you would not be able to write the Email I'm replying to, assuming you are writing from the same computer (which your message very strongly suggests). In general, simply downloading a program file will not cause you trouble (though there have been many examples of badly written client applications that allow, or even default, to writing stuff where they really "shouldn't" and thus open their users up to all manner of trouble...). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Jul 19 2003 - 08:48:39 PDT