Zip file contains a nasty payload
by George Skarbek - 26th July 05

To look at the book, Computer Guide, based on these columns click here

Computer Guide

Q: I have just received an email, the subject being "Your account is about to be expired", with an attached file called but no other details. I would expect my ISP to provide more information than a Zip file and I am reluctant to open it to investigate it. Do you think opening it will be safe?

A: This attachment contains a nasty worm virus - you should not open the attachment unless you are a computer expert familiar with viruses. This is a variant of the Mydoom virus and I am glad many users are now being cautious. This particular virus can have more than 100 different subjects and faked senders. The Zip file attachment may also have several innocent-sounding names. If activated, it will create a randomly named DLL file, several registry entries, and, after a reboot, it will start sending out mail and Denial of Service attacks via its own email engine.

This attachment should be deleted while holding down the Shift key, which results in immediate deletion and prevents the file from going to the Recycle Bin, from where it may be recovered if someone else also uses your computer.

For any reader who is not sure of the contents of any Zip file and is naturally reluctant to unzip suspicious files, you can view the file names of the zipped files by hovering the mouse over the Zip file in Windows Explorer. The has one more interesting feature that may not be apparent if the file is just unzipped. The payload has two extensions. The file appears to be called information.htm, which should be a relatively harmless webpage, but it has 67 spaces after the .htm so that the final extension may not be seen with the usual column width. The final extension can be a number of extensions such as .scr, .bat, .exe, .pif or .cmd. These are executable files that will cause the damage when run.
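As an added example (not part of the original column), this Python sketch lists the names inside a Zip archive without extracting anything and flags the disguise described above: a harmless-looking extension, a long run of spaces, then an executable extension. The function names and the sample archive are constructed for illustration; the sample contains only inert text.

```python
import io
import re
import zipfile

# Extensions the column names as the possible hidden final extension.
EXECUTABLE_EXTS = {".scr", ".bat", ".exe", ".pif", ".cmd"}
# A decoy extension, then a run of whitespace, then the real extension.
PADDED = re.compile(r"(\.[A-Za-z0-9]{1,5})(\s{3,})(\.[A-Za-z0-9]{1,5})$")


def inspect_zip(data: bytes) -> list[dict]:
    """Read entry names only (nothing is extracted) and flag disguised ones."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            # The extension Windows acts on is whatever follows the LAST dot.
            real_ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
            m = PADDED.search(base)
            findings.append({
                "name": name,
                "real_ext": real_ext,
                "executable": real_ext in EXECUTABLE_EXTS,
                "padded": bool(m),
                "decoy_ext": m.group(1).lower() if m else None,
                "padding": len(m.group(2)) if m else 0,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless text stored under a disguised name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("information.htm" + " " * 67 + ".scr", "inert placeholder")
        zf.writestr("readme.txt", "ordinary entry")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample()):
        verdict = "SUSPICIOUS" if f["executable"] or f["padded"] else "ok"
        # repr() shows the full name, so the run of spaces cannot be cut off.
        print(verdict, repr(f["name"]), f["real_ext"], f["padding"])
```

Printing the name with `repr()` is the point: the padding and the final extension are shown in full regardless of column width.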


Q: I have been getting a few emails (jokes), mainly from one friend but also the odd one from elsewhere. The problem is the text is OK but the pictures are in a box with a red X in the corner and I can't open them. I have tried everything I can think of. I operate with Windows XP.

A: The most likely explanation is that the security settings have been altered when installing an automatic update from Microsoft.
To restore your settings, open Outlook Express and click on Tools, Options and click the Security tab. Now you can remove the tick from the box marked "Block images and other external content in HTML mail".

After restarting Outlook Express, you will then be able to view your pictures.


Q: I have read advice given by knowledgeable people to store data in a different partition from the boot partition containing the operating system, for easy back-up and in case Windows needs reinstalling with formatting. Applications can be in the boot partition as these can be reinstalled. As important data are in email, using Outlook Express, and other documents in "My Documents", how are these folders shifted to, say, D: drive? I attempted to shift "My Documents" using shift-drag to D:, but that only made a shortcut.

A: Moving the location of the mail requires modifying the registry. See: for more details.
If you do not wish to modify the registry and know some basic DOS commands, you can create a tiny BAT file that will copy the mail; that is, all the .DBX files, into an appropriate folder on the other hard disk. This can then be automated and you can burn the CD for off-site storage. Note that when burning CDs, the file name must be less than 63 characters. In Windows XP the mail is stored in the following folder: C:\Documents and Settings\YourName\Local Settings\Application Data\Identities\{DB615905-D44A-4DCE-A124-DAA12DE7E366}\Microsoft\Outlook Express, which is much too long, so your destination folder should be something simple such as Mail so you can just drag that folder onto the CD.

Although there is an article by Microsoft stating that the registry needs to be modified in order to move the mail location, this is not required. With Outlook Express versions 5 and 6, moving is easily done by clicking on Tools, Options, Maintenance and selecting Store Folder. Changes will take place after restarting.

Moving the location of the “My Documents” folder is very simple. Using Windows Explorer, right-click on the “My Documents” folder. (Note that you do NOT navigate to the C:\Documents and Settings\YourName\My Documents folder, which looks identical.) Then click on Properties and select Move.
