P2P-Zone


JackSpratts 09-04-02 05:41 PM

virus watch
 
just downloaded an obvious virus from grokster, watch out for it:

Dashboard Confessional - Remember To Breath.mp3.vbs. 11k

i deleted it before i opened it of course then ran mcafee which picked up something too. so i ran some searches on the band and found additional 11k files under different titles. it reminds me of the gnutella stuff, all small like that. what's interesting is the fact that the fastrack client does not display the vbs file ending. i spotted that in explorer. i've never seen this before on fastrack, a client i've used almost every day for exactly one year. and a client i've used to d/l thousands of files. maybe something new. maybe not. still, forewarned is forearmed.

- js.

BuzzB2K 09-04-02 09:34 PM

mp3.vbs
 
It shows the extensions here... :PO:

BuzzB2K 09-04-02 10:06 PM

Practice Safe Downloading
 
Back on the old Morpheus Discussion Board I had this posted under a couple of forums (Bug Report & Questions, my two favorite hangouts!!) One or another of us would occasionally bump it to the top... :tu:

Quote:

A while ago, just for fun, I deliberately searched for a *.vbs file to download to test my system.
Sure enough I located some so I picked one that claimed to be "Uriah Heep - Sunrise.mp3"
Wow! A 13 sec. download...
Bam! Up pops Norton AntiVirus to inform me that

"Norton AntiVirus has detected the VBS.LoveLetter.CIH virus in..."
and further informs me that it is
"Unable to repair this file."
Well I guess not, it's only a 9K file. Click OK. Another box pops up
"Unable to access this file."
***********************************************
Why did I do all this? To prove several things about practicing safe downloads!
1. Install a good AntiVirus program and keep your definitions updated.
2. Pay attention to what you are downloading. If you look all the way to the right at the filename you would see the file I was downloading was really named "Uriah Heep - Sunrise.mp3.vbs"
3. In order to get my experiment to work I had to alter my usual safety settings which are:
Open the "Tools" menu - select "Options..." - open the "Filter" tab and under "Miscellaneous"
I select the options:
Filter the file types that can potentially contain viruses
(If you d/l Programs you will need to clear the above box)
Filter bogus music and video files
I repeated my search after and all I found were some files that contained the letters vbs in the description but NO VBS Scripts!
In conclusion if you practice safe downloading and follow the three steps above you will run less risk of harming your system and files and won't contribute to the spread of these VBS Scripts.

JackSpratts 09-04-02 11:20 PM

while it's true after closing the left side search column and sliding everything else over that technically you can get grokster to cough up an ending, in a practical sense i'm comfortable saying it doesn't display, at least in my resolution. it's too much work for every search. or at least it was until this happened. since two of the most common complaints on the old boards were with users' inability to see everything at once and to fix broken sliders, you got the feeling most people just left it all alone.

- js.

indiana_jones 09-04-02 11:48 PM

i added .mp3.vbs to the blocklist of the search filter - seems it does also some job - get 0 results if i search for "mp3 vbs"

indication for .mp3.vbs is, that
  • title=xyz.mp3 (because it's not recognised as audio)
  • artist=unknown
  • size small (11k, 9k)
  • downloadtime 0.0

good and simple thing (as mentioned on old morph and elsewhere):
  • set the default file association for .vbs, .reg, .wsh and others to edit, then they just end up in the notepad, in case you doubleclick them.
indy
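
The indicators in the post above (a media-looking title, a script ending, a size of a few kilobytes), applied to a download or shared folder. This is an added example, not code from the thread: the script extensions are the ones named in the posts here, while `MEDIA_EXTS`, the `SMALL_BYTES` cut-off and the function names are assumptions, and the sample folder is constructed.

```python
import tempfile
from pathlib import Path

# Extensions this thread names as running on double-click under Windows.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "reg", "bat", "com"}
# Assumption: decoy types a P2P user expects from a music or video search.
MEDIA_EXTS = {"mp3", "wav", "wma", "avi", "mpg", "mpeg", "jpg", "gif"}
# Assumption: "small" cut-off; the samples in the thread were 9k and 11k.
SMALL_BYTES = 64 * 1024


def check_name(name, size):
    """Return None for an ordinary file, else a dict describing the disguise."""
    # Windows drops trailing dots and spaces from names, so ignore them too.
    parts = [p.strip().lower() for p in name.rstrip(". ").split(".")]
    if len(parts) < 3 or parts[-1] not in SCRIPT_EXTS:
        return None
    if parts[-2] not in MEDIA_EXTS:
        return None  # a script, but not posing as a media file
    return {"name": name, "real_ext": parts[-1], "decoy_ext": parts[-2],
            "small": size <= SMALL_BYTES}


def scan(folder):
    """Walk a download or shared folder; return findings sorted by name."""
    files = [p for p in Path(folder).rglob("*") if p.is_file()]
    hits = [check_name(p.name, p.stat().st_size) for p in files]
    return sorted((h for h in hits if h), key=lambda h: h["name"])


def demo():
    """Scan a constructed sample folder (names modelled on the posts above)."""
    samples = {
        "Uriah Heep - Sunrise.mp3.vbs": 9 * 1024,
        "Song Name.mp3          .vbs": 11 * 1024,  # padding hides the ending
        "track01.mp3": 200 * 1024,  # real media: larger, single extension
        "notes on vbs.txt": 100,    # "vbs" in the title only
        "backup.bat": 50,           # a script, but not disguised
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, size in samples.items():
            Path(tmp, fname).write_bytes(b"\0" * size)
        return scan(tmp)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The check reads the name from the last dot, so a client column that cuts the title off at `.mp3` does not affect it.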

JackSpratts 09-04-02 11:53 PM

send it to notepad. i like that.

- js.

BuzzB2K 10-04-02 12:07 AM

Quote:

Originally posted by JackSpratts
send it to notepad. i like that.

- js.

OK, here is another one of my "How-To's" From the Old Board :tu:

Quote:

Those are not Music Files (MP3) they are VBS Scripts!
Read this posting on how to prevent them from opening again.
Also you should get a "Good" virus scanner and keep it running, at least while you're downloading! (I use Norton Anti-Virus myself)
My scanner won't even let me open VBS Scripts! - And keep your Virus definitions updated!
Also Zone Alarm can protect your e-mail from VBS Scripts!

Below is a previous posting I made on a “fix” to this problem

Beware Of *.vbs Ext. Files!
What you have done is downloaded a VBS script that was masquerading as an MP3 (Song Name.mp3.vbs).

Here is a fix for your "Songs " problem! :D

Changing the Default Action for VBS Scripts to Edit
Instead of losing all file associations, you can change the default action for .VBS, .VBE, .JS, .JSE and .WSH files. When installed, these extensions are configured to default to 'Open'. If this default action is changed to 'Edit', scripts will open in a text editor instead of executing, which effectively renders them harmless.

To change the default action for these three extensions:


1) Open up 'Windows Explorer'
2) Under the 'View' menu select 'Options…' or 'Folder Options…'
3) Single click on the 'File Types' tab
4) Scroll down the list until you find 'VBScript Script File'. Single click on it and click the 'Edit…' button
5) Where it says 'Actions' look for 'Edit'. Single click on it and then click the button that says 'Set Default'
6) Click the 'Close' button
7) Repeat steps 4-6 for 'VBScript Encoded Script File' (skip this step if it is not listed)
8) Repeat steps 4-6 for 'JScript Script File'
9) Repeat steps 4-6 for 'JScript Encoded Script File'
10) Repeat steps 4-6 for 'Windows Scripting Host Settings File'

Now VBS scripts, which is how these virii are spreading, will just open harmlessly in notepad. Problem solved.

After neutering the Script Files you can go to your shared folder and delete the little buggers!! :D

NOTE: When searching for mp3's, make sure you've clicked on the audio radio button beneath the search area on the search page. This way .vbs files won't even show up in the first place and you should be okay. (Thank You gogostop for pointing me in the right direction)

And after changing the default for your VBS Scripts read this -
You should learn to practice "Safe Downloading"

Check this out
http://cgi-bin.streamcastnetworks.co...ID4/2432.html#


I found this "fix" by doing a search for "VBS Scripts" at http://google.com/ which is an excellent source for finding answers to many questions including program errors!
Don't bother trying the link... It pointed to the other posting above...

Mowzer 10-04-02 01:50 PM

Add .com too. There are some nasty surprises in .com files as well. Same as .bat there's tons you can add.

But everyone just goes after .vbs

dead_frog 10-04-02 02:20 PM

Re: Practice Safe Downloading
 
Quote:

Originally posted by BuzzB2K
Back on the old Morpheus Discussion Board I had this posted under a couple of forums (Bug Report & Questions, my two favorite hangouts!!) One or another of us would occasionally bump it to the top... :tu:

Eat: Food :LF:


;)

BuzzB2K 10-04-02 08:32 PM

Quote:

Originally posted by Ethen
Add .com too. There are some nasty surprises in .com files as well. Same as .bat there's tons you can add.

But everyone just goes after .vbs

On my computers if you double-click any of the above mentioned script files (js, ws, vbs) you get notepad (actually I have them open with Pfe32 - a Notepad replacement). The same goes with bat, inf, reg files as well.



Enjoy: Food :LF:

VWguy 11-04-02 06:46 PM

I picked up an unknown .com "virus" while looking for photoshop projects on Google a couple of days ago, and NAV had to hold it for me, it could not even be deleted.

I had not seen anything like it before, and sent it to SARC.

Any other file types I should watch out for?

ssj4_android 11-04-02 07:37 PM

I think .wbs can be dangerous, scrap file I believe. Which you can tell it to execute commands.

djakrse 12-04-02 11:02 AM

oh man. that probly explains where i got some .vbs files on my hd.. mixed in with movies or mp3s. i thought i always checked the filenames to be sure, but apparently i dload some from title only in my haste.


All times are GMT -6.