Velocity Reviews - Computer Hardware Reviews

Virus tucked in recycle bin

 
 
digger odell
 
      11-17-2007
I'm a real greenhorn when it comes to understanding how trojan viruses
work. But I recently downloaded an .exe file that was purported to be
a "necessary" media upgrade. After checking the file with Symantec A/V
and getting the OK, I opened the file, which then turned out to be a
nightmare of major proportions.

I immediately deleted the .exe file and ran Symantec A/V, Spybot, and
AdAware all in safe mode with very favorable results. However, when I
then opened the Recycle Bin to verify the name of the dastardly .exe
file it evidently triggered the Symantec A/V alert.

Several more files were successfully quarantined leaving me to wonder
-- when a trojan virus is moved to Recycle, is it possible that by
opening the Recycle Bin you can reactivate the virus?

Thanks.
digger
 
 
 
 
 
Old Codger
 
      11-17-2007
digger odell wrote:
> I'm a real greenhorn when it comes to understanding how trojan viruses
> work. But I recently downloaded an .exe file that was purported to be
> a "necessary" media upgrade. After checking the file with Symantec A/V
> and getting the OK, I opened the file, which then turned out to be a
> nightmare of major proportions.
>
> I immediately deleted the .exe file and ran Symantec A/V, Spybot, and
> AdAware all in safe mode with very favorable results. However, when I
> then opened the Recycle Bin to verify the name of the dastardly .exe
> file it evidently triggered the Symantec A/V alert.
>
> Several more files were successfully quarantined leaving me to wonder
> -- when a trojan virus is moved to Recycle, is it possible that by
> opening the Recycle Bin you can reactivate the virus?


Yup.

Remember, the recycle bin is just another folder on your drive. Files
in the recycle bin are just the same as the same files in any other part
of your drive. Even emptying the recycle bin does not remove the file
from the drive, it just marks the space occupied by the file as empty so
that it *might* get overwritten by a new file.

--
Old Codger
e-mail use reply to field

What matters in politics is not what happens, but what you can make
people believe has happened. [Janet Daley 27/8/2003]
 
 
 
 
 
Pennywise@DerryMaine.Gov
 
      11-17-2007
digger odell <> wrote:

>I'm a real greenhorn when it comes to understanding how trojan viruses
>work. But I recently downloaded an .exe file that was purported to be
>a "necessary" media upgrade. After checking the file with Symantec A/V
>and getting the OK, I opened the file, which then turned out to be a
>nightmare of major proportions.


I'm guessing you downloaded a p0rn movie that claimed it wouldn't work
without this file.

>I immediately deleted the .exe file and ran Symantec A/V, Spybot, and
>AdAware all in safe mode with very favorable results. However, when I
>then opened the Recycle Bin to verify the name of the dastardly .exe
>file it evidently triggered the Symantec A/V alert.
>
>Several more files were successfully quarantined leaving me to wonder
>-- when a trojan virus is moved to Recycle, is it possible that by
>opening the Recycle Bin you can reactivate the virus?



Opening the recycle bin, no; you'll just get a list of files. If you
restore the file from the recycle bin you could have problems.


--

Here is an alphabetical list of Band Name Origins,
or "How they got that name."
http://www.digitaldreamdoor.com/pages/music0_name.html
 
 
chuckcar
 
      11-17-2007
digger odell <> wrote in
news:3c4b3b5e-100c-47b8-88f5-:

> I'm a real greenhorn when it comes to understanding how trojan viruses
> work. But I recently downloaded an .exe file that was purported to be
> a "necessary" media upgrade. After checking the file with Symantec A/V
> and getting the OK, I opened the file, which then turned out to be a
> nightmare of major proportions.
>
> I immediately deleted the .exe file and ran Symantec A/V, Spybot, and
> AdAware all in safe mode with very favorable results. However, when I
> then opened the Recycle Bin to verify the name of the dastardly .exe
> file it evidently triggered the Symantec A/V alert.
>
> Several more files were successfully quarantined leaving me to wonder
> -- when a trojan virus is moved to Recycle, is it possible that by
> opening the Recycle Bin you can reactivate the virus?
>
> Thanks.
> digger


When checking for viri/trojans, you need to check *every* file on your
hard drive(s). You should do this every month, preferably just after
you've downloaded the latest virus definitions. It will take a *long*
time. It's supposed to.

--
(setq (chuck nil) car(chuck) )
 
 
ded
 
      11-17-2007

"digger odell" <> wrote in message
news:3c4b3b5e-100c-47b8-88f5-...
> I'm a real greenhorn when it comes to understanding how trojan viruses
> work. But I recently downloaded an .exe file that was purported to be
> a "necessary" media upgrade. After checking the file with Symantec A/V
> and getting the OK, I opened the file, which then turned out to be a
> nightmare of major proportions.
>
> I immediately deleted the .exe file


You mean it was you who sent it to the Recycle bin?
So I'm guessing you only scanned the file with your Anti-virus software,
then rather than let the AV attempt to repair/quarantine, you just
deleted it?


> and ran Symantec A/V, Spybot, and
> AdAware all in safe mode with very favorable results. However, when I
> then opened the Recycle Bin to verify the name of the dastardly .exe
> file it evidently triggered the Symantec A/V alert.
>
> Several more files were successfully quarantined leaving me to wonder
> -- when a trojan virus is moved to Recycle, is it possible that by
> opening the Recycle Bin you can reactivate the virus?
>


Something is amiss, all the tools you used once the trojan was detected
they would have alerted and given options, the obvious being to either
quarantine or permanently delete, you're indicating they didn't, or did
you opt for the tools to take no action?

> Thanks.
> digger



 
 
digger odell
 
      11-17-2007
On Nov 17, 2:30 pm, "ded" <with...@witheld.invalid> wrote:
> "digger odell" <diggerod...@gmail.com> wrote in message
>
> news:3c4b3b5e-100c-47b8-88f5-...
>
> > I'm a real greenhorn when it comes to understanding how trojan viruses
> > work. But I recently downloaded an .exe file that was purported to be
> > a "necessary" media upgrade. After checking the file with Symantec A/V
> > and getting the OK, I opened the file, which then turned out to be a
> > nightmare of major proportions.
>
> > I immediately deleted the .exe file
>
> You mean it was you who sent it to the Recycle bin?
> So I'm guessing you only scanned the file with your Anti-virus software,
> then rather than let the AV attempt to repair/quarantine, you just
> deleted it?
>

Yes, I sent it to the Recycle bin but only after (a) Symantec scanned
the file and found no evidence of it being viral, followed by (b) opening
the file and discovering that it was in fact a virus. Keep in mind
that I update my Symantec a/v software on a daily basis.

> > and ran Symantec A/V, Spybot, and
> > AdAware all in safe mode with very favorable results. However, when I
> > then opened the Recycle Bin to verify the name of the dastardly .exe
> > file it evidently triggered the Symantec A/V alert.
>
> > Several more files were successfully quarantined leaving me to wonder
> > -- when a trojan virus is moved to Recycle, is it possible that by
> > opening the Recycle Bin you can reactivate the virus?
>
> Something is amiss, all the tools you used once the trojan was detected
> they would have alerted and given options, the obvious being to either
> quarantine or permanently delete, you're indicating they didn't, or did
> you opt for the tools to take no action?
>


Once the .exe file was opened, I began getting all sorts of malicious
files being detected by Symantec. But even after being quarantined,
and more alerts would appear, I decided to reboot into Safe mode
before running the various programs mentioned above, including
Symantec a/v once more. Once all those programs finished their sweep,
everything looked O.K. until I opened the Recycle Bin to list the name
of the bogus .exe file, since it was still there. That triggered
Symantec to say that it discovered and quarantined two more files,
neither of which was the suspicious .exe file.

That is what aroused my curiosity about merely opening the Recycle Bin
and whether that operation alone could activate a virus.

It seems more likely, from what has been said thus far, that there were
other malicious files besides the one .exe file that became infested.
And before opening the .exe file, I should have run all 3 tools.




 
 
Brett Kline
 
      11-17-2007
digger odell wrote:
> I'm a real greenhorn when it comes to understanding how trojan viruses
> work. But I recently downloaded an .exe file that was purported to be
> a "necessary" media upgrade. After checking the file with Symantec A/V
> and getting the OK, I opened the file, which then turned out to be a
> nightmare of major proportions.
>
> I immediately deleted the .exe file and ran Symantec A/V, Spybot, and
> AdAware all in safe mode with very favorable results. However, when I
> then opened the Recycle Bin to verify the name of the dastardly .exe
> file it evidently triggered the Symantec A/V alert.
>
> Several more files were successfully quarantined leaving me to wonder
> -- when a trojan virus is moved to Recycle, is it possible that by
> opening the Recycle Bin you can reactivate the virus?



Disable System Restore then run a full anti-virus scan.
http://support.microsoft.com/kb/310405


 
 
Beauregard T. Shagnasty
 
      11-17-2007
digger odell wrote:

> Once the .exe file was opened,


Opened? How did you "open" it? A text editor? Or did you really
*execute* it (double-clicking, thereby infecting yourself)?

> I began getting all sorts of malicious files being detected by
> Symantec.


...which probably means you executed it.

--
-bts
-Motorcycles defy gravity; cars just suck
 
 
ded
 
      11-17-2007

"digger odell" <> wrote in message
news:ab043b24-3515-4536-bc9a-...
> On Nov 17, 2:30 pm, "ded" <with...@witheld.invalid> wrote:
>> "digger odell" <diggerod...@gmail.com> wrote in message
>>
>> news:3c4b3b5e-100c-47b8-88f5-...
>>
>> > I'm a real greenhorn when it comes to understanding how trojan viruses
>> > work. But I recently downloaded an .exe file that was purported to be
>> > a "necessary" media upgrade. After checking the file with Symantec A/V
>> > and getting the OK, I opened the file, which then turned out to be a
>> > nightmare of major proportions.
>>
>> > I immediately deleted the .exe file
>>
>> You mean it was you who sent it to the Recycle bin?
>> So I'm guessing you only scanned the file with your Anti-virus software,
>> then rather than let the AV attempt to repair/quarantine, you just
>> deleted it?
>>
> Yes, I sent it to the Recycle bin but only after (a) Symantec scanned
> the file and found no evidence of it being viral, followed by (b) opening
> the file and discovering that it was in fact a virus. Keep in mind
> that I update my Symantec a/v software on a daily basis.
>
>> > and ran Symantec A/V, Spybot, and
>> > AdAware all in safe mode with very favorable results. However, when I
>> > then opened the Recycle Bin to verify the name of the dastardly .exe
>> > file it evidently triggered the Symantec A/V alert.
>>
>> > Several more files were successfully quarantined leaving me to wonder
>> > -- when a trojan virus is moved to Recycle, is it possible that by
>> > opening the Recycle Bin you can reactivate the virus?
>>
>> Something is amiss, all the tools you used once the trojan was detected
>> they would have alerted and given options, the obvious being to either
>> quarantine or permanently delete, you're indicating they didn't, or did
>> you opt for the tools to take no action?
>>
> Once the .exe file was opened, I began getting all sorts of malicious
> files being detected by Symantec. But even after being quarantined,
> and more alerts would appear, I decided to reboot into Safe mode
> before running the various programs mentioned above, including
> Symantec a/v once more. Once all those programs finished their sweep,
> everything looked O.K. until I opened the Recycle Bin to list the name
> of the bogus .exe file, since it was still there. That triggered
> Symantec to say that it discovered and quarantined two more files,
> neither of which was the suspicious .exe file.
>
> That is what aroused my curiosity about merely opening the Recycle Bin
> and whether that operation alone could activate a virus.
>
> It seems more likely, from what has been said thus far, that there were
> other malicious files besides the one .exe file that became infested.
> And before opening the .exe file, I should have run all 3 tools.
>


Well, it could be opening the recycle bin, but I doubt it and suspect
that was purely coincidental, it seems from what you describe that
the executable, was executed? You wrote: "before opening the .exe"
Did you execute it, the "necessary media upgrade"?
Looking at the anti-virus/malware tools you list, but no firewall
mentioned - is it XP, and are you using the XP firewall?
I would suspect multiple naughties are now infecting your PC,
and if you were relying on XP's firewall, alas that is very basic
and only scans inward, it doesn't scan anything on-board that
may be phoning home.
If you executed that dubious download, I think you've opened a
backdoor into the deep inner bowels of your comp.


 
 
digger odell
 
      11-18-2007
On Nov 17, 4:53 pm, "ded" <with...@witheld.invalid> wrote:
> "digger odell" <diggerod...@gmail.com> wrote in message
>
> news:ab043b24-3515-4536-bc9a-...
>
>
>
> > On Nov 17, 2:30 pm, "ded" <with...@witheld.invalid> wrote:
> >> "digger odell" <diggerod...@gmail.com> wrote in message

>
> >>news:3c4b3b5e-100c-47b8-88f5-...

>
> >> > I'm a real greenhorn when it comes to understanding how trojan viruses
> >> > work. But I recently downloaded an .exe file that was purported to be
> >> > a "necessary" media upgrade. After checking the file with Symantec A/V
> >> > and getting the OK, I opened the file, which then turned out to be a
> >> > nightmare of major proportions.
>
> >> > I immediately deleted the .exe file
>
> >> You mean it was you who sent it to the Recycle bin?
> >> So I'm guessing you only scanned the file with your Anti-virus software,
> >> then rather than let the AV attempt to repair/quarantine, you just
> >> deleted it?
>
> > Yes, I sent it to the Recycle bin but only after (a) Symantec scanned
> > the file and found no evidence of it being viral, followed by (b) opening
> > the file and discovering that it was in fact a virus. Keep in mind
> > that I update my Symantec a/v software on a daily basis.
>
> >> > and ran Symantec A/V, Spybot, and
> >> > AdAware all in safe mode with very favorable results. However, when I
> >> > then opened the Recycle Bin to verify the name of the dastardly .exe
> >> > file it evidently triggered the Symantec A/V alert.
>
> >> > Several more files were successfully quarantined leaving me to wonder
> >> > -- when a trojan virus is moved to Recycle, is it possible that by
> >> > opening the Recycle Bin you can reactivate the virus?
>
> >> Something is amiss, all the tools you used once the trojan was detected
> >> they would have alerted and given options, the obvious being to either
> >> quarantine or permanently delete, you're indicating they didn't, or did
> >> you opt for the tools to take no action?
>
> > Once the .exe file was opened, I began getting all sorts of malicious
> > files being detected by Symantec. But even after being quarantined,
> > and more alerts would appear, I decided to reboot into Safe mode
> > before running the various programs mentioned above, including
> > Symantec a/v once more. Once all those programs finished their sweep,
> > everything looked O.K. until I opened the Recycle Bin to list the name
> > of the bogus .exe file, since it was still there. That triggered
> > Symantec to say that it discovered and quarantined two more files,
> > neither of which was the suspicious .exe file.
>
> > That is what aroused my curiosity about merely opening the Recycle Bin
> > and whether that operation alone could activate a virus.
>
> > It seems more likely, from what has been said thus far, that there were
> > other malicious files besides the one .exe file that became infested.
> > And before opening the .exe file, I should have run all 3 tools.
>
> Well, it could be opening the recycle bin, but I doubt it and suspect
> that was purely coincidental, it seems from what you describe that
> the executable, was executed? You wrote: "before opening the .exe"
> Did you execute it, the "necessary media upgrade"?


Yes, I did execute it.

> Looking at the anti-virus/malware tools you list, but no firewall
> mentioned - is it XP, and are you using the XP firewall?


I have two firewalls. Symantec Client Security and XP.

> I would suspect multiple naughties are now infecting your PC,
> and if you were relying on XP's firewall, alas that is very basic
> and only scans inward, it doesn't scan anything on-board that
> may be phoning home.
> If you executed that dubious download, I think you've opened a
> backdoor into the deep inner bowels of your comp.


Granted, I did open the file but only after getting a green light from
Symantec's a/v checker. So my leanings right now are on the theory
of collateral and coincidental mal-ware.


 