Recently I took a break from reading NLS books to listening to DVS movies
downloaded for free from Blind Mice. I started with all the Star Trek
movies, some of which I hadn't even watched, and the ones I had seen, I
downloaded anyway because it had been years since I had read the books or
seen the movies. When I downloaded Star Trek The Wrath of Khan, I noticed
as I cursored down through the filenames in a folder on my hard drive, it
was an executable .EXE file. I just figured it was larger so it was
archived perhaps or there was another file inside the archive. I opened the
file and got an advertisement which asked me to download a uni deals program
for quick shopping plus a program called something like Search Protect. I
got 4 or 5 screen saying, are you sure you don't want to download our
program, press enter to continue, or enter to agree, enter to accept, and
enter to continue. I discovered, it made no difference I was saying no all
this time because one screen had no choice but yes. I tried bypassing it by
going back a screen, but when I said no again, it downloaded the program
Search Protect anyway. Then it allowed me to download the movie Wrath of
Khan. As soon as I tried opening the MP3 movie file, a Trojan horse warning
popped up in AVG and said 6 files had just been infected. Do you want AVG
to quarantine the threat, delete the virus, or do you want AVG to handle it
in its own way. I told it to remove the infection, not the files of course,
and it did so; deleting them from the files. I ran AVG full scan after this
happened because I have a pair of 500 gig drives, the second for backup.
Nothing was found. I ran Mal Bytes freeware and it found nothing else. Of
course, I have AVG set up for full drive scan in the middle of the night but
it never hurts to do it when something like this happens. I've scanned for
the .EXE file hidden elsewhere but couldn't find it after deleting the
original star trek the Wrath of Khan,EXE file from my hard drive. Next time
I'm on blind mice mega mall, I'll look to see how that file is posted to see
if it is listed as an MP3, as all the rest are, or if it's filename is .EXE
instead. Well, let me check that right now. Very interesting. I went
through everything but canceled the download at the last prompt. Keep in
mind, this isn't blind mice mega mall because when you pick your movie to
download from blind mice, it connects to sendspace.com so you are no longer
on blind mice but sendspace to conduct the download. The download is listed
on sendspace as an .MP3 file and when you select download, it still shows as
an .MP3 before you select save. Even after selecting save, as you well
know, windows prompts you again for a file folder to tell windows where you
want to save the file on your hard drive. So, either something already on
my hard drive was already there and waiting to be launched or something gets
changed, or did get changed at least that one time, to an .EXE file on my
harddrive. I know this isn't ham radio related but it could have been so I
figured I'd share the information just to be safe. This is not a third or
fourth removed virus scare either; this just happened yesterday and last
night. I added an additional freeware AVG firewall to the one that was
already with AVG just to be safer yet. Boy, I haven't gotten a virus for
years so it certainly was unexpected. I also did a full search on this
program for shopping they were calling UniDeals but that, and Search
Protect, were gone so AVG definitely found them and deleted them. With an
open system such as the mega file services for uploading and downloading
huge files, no telling who might upload something infectious and even doing
it unknowingly.
Phil.
K0NX
|