Re: Protected folders

From: Roger Fink (fink_at_*****.net)
Date: 08/30/05 

Date: Mon, 29 Aug 2005 23:20:49 -0400

David H. Lipman wrote:
> From: "Roger Fink" <fink@*****.net>
>
>> Simple question - can a virus change an executable file that's
>> located in a read only folder?
>>
>
> Change it to what ? Read-Write ? Sure.
>
> Can you be more specific.

David - you're here too - what a shocker!

OK, I'm probably not going to describe this 100% accurately, but here's my
best shot. I recently was infected with VBS:REDLOF. The infected file that
was picked up on the virus scan was unfortunately sysclean.exezz, which was
created when sysclean.exe was launched earlier, I believe in response to
something else. The file had been on the hard drive for awhile . The several
other files that normally are created in the same folder when SysClean is
launched all had zz added to their extensions, such as .logzz and .dllzz,
although they didn't scan "positive". The pattern file to all appearances
remained unchanged.

What prompted the question is that I wanted to save myself a 3.5mb download
by keeping the file on the computer. (I realize this part of the program
does get modified from time to time and would need to check that). It's
downloaded as an executable but I've currently got it stored as a zip, if
that makes any difference. And yes, I agree in advance of your suggesting it
that it's not the end of the world to download it only on an as-needed
basis.

I've done my reading and my housekeeping, and I think my system is free and
clear at the moment.

BTW, Trend Micro describes VBS:REDLOF and its variants as highly
destructive. It's more than an annoyance.

Relevant Pages

  • Re: Two Questions Fom A Friend Of Mine To Yall
    ... Tony Trout wrote: ... > folder and she's having trouble putting them into one single folder. ... I can't speak for David, of course, but please note: ... >> Download the Trend Pattern File by obtaining the ZIP file. ...
    (microsoft.public.security.virus)
  • Re: Browser takeover
    ... I created a new folder in C drive called Software Help and ... Please download a copy. ... "David H. Lipman" wrote: ...
    (microsoft.public.security.virus)
  • RE: INTERN~2
    ... > subdirectory is a folder containing files that describe ... Are you using some type of download manager? ...
    (microsoft.public.windowsxp.general)
  • Re: IE6 overwrites anything I try to type in to the address bar
    ... install of WinXP with all of the updates/hot fixes installed before anything ... download a copy of LSPFIX from any of the following sites: ... > enable you to regain your connection. ... > folder after appropriate unzipping, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: IE6 and "TV Media"
    ... TV Media is still somewhere on your system, and may not be detected by ... Download, install, immediately update the definitions, and then run AdAware ... get a copy of WinsockFix Utility ... and download HiJackThis to the new folder. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)