Re: DBXtend extracted attachment query

From: DGuess (majik_at_mindspring.oops)
Date: 10/07/04 

Date: Thu, 7 Oct 2004 10:35:35 -0500

This could be an issue with the DBX file itself.

When you say extracted attachments, do you mean the .eml file itself or it
was an attachment that was removed from a message?

The developer is out of town (lost in that woods again I suspect) so it will
be a few days to get a reply from him.

"David Purdy" <Nospam@here.co.uk> wrote in message
news:ck3dtk$753$1@hercules.btinternet.com...
> >I am using DBXtend v1.70 on a Win XP system, and upon extracting some
> >messages (22 in total) from a folder, one of the extracted attachments
> >has the following name (note the preceding spaces):
>>
>> ' WScript.KakWorm'
>
> [cut]
>
> By a process of elimination, the source message has been traced, attached.
> It's from January 2001 (sent via my previous, Win98, PC), ironically
> copying Symantec information about the virus to a colleague.
>
> I cannot see anything obvious in the message that would cause this.
> Perhaps it's a software design issue ?
>
> Regards,
>
> Dave.
>
> From: [cut]
> To: [cut]
> Subject: E-mail virus details
> Date: Tue, 23 Jan 2001 13:54:42 -0000
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>
> David,
>
> Some background details, for information.
>
> Regards,
>
> Dave
>
>
> **********************************************************************
> ** **
> ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT **
> ** **
> ** Symantec AntiVirus Research Center (SARC) January 18, 2001 **
> ** **
> **********************************************************************
>
> The ten most commonly reported viruses, worldwide:
>
> 1 W32.Navidad
> 2 W95.MTX
> 3 W32.HLLW.QAZ.A
> 4 VBS.Stages.A
> 5 VBS.LoveLetter
> 6 VBS.Network
> 7 Wscript.KakWorm <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> 8 W32.Funlove.4099
> 9 PrettyPark.Worm
> 10 Happy99.Worm
>
>
> **********************************************************************
> Virus Information
> **********************************************************************
>
> Virus name: WScript.KakWorm
> Aliases:
> Infects:
> Likelihood: Common
> Length: 4116 bytes
>
> Characteristics
>
> Memory resident No Triggered event No
> Size stealth No Encrypting No
> Full stealth No Polymorphic No
>
> Comments:
> Please visit this website for a more detailed description.
> http://www.sarc.com/avcenter/venc/data/wscript.kakworm.htm
>
> http://www.sarc.com/avcenter/venc/data/wscript.kakworm.htm ...
>
> VBS.KakWorm spreads using Microsoft Outlook Express. It attaches itself to
> all
> outgoing messages via the Signature feature of Outlook Express and
> Internet
> Explorer newsgroup reader.
>
> The worm utilizes a known Microsoft Outlook Express security hole so that
> a viral
> file is created on the system without having to run any attachment. Simply
> reading
> the received email message will cause the virus to be placed on the
> system.
>
> Microsoft has patched this security hole. The patch is available from
> Microsoft's
> website. If you have a patched version of Outlook Express, this worm will
> not work
> automatically.
>
> http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000020318071406 ...
>
> Solution 1-- To remove this worm from within Windows, follow these
> instructions:
> 1. Restart the computer in Safe mode.
> 2. Enable show all files.
> 3. Find and delete the kak.*, *.kak, and *.hta files.
> 4. Remove the worm entry from the Autoexec.bat file.
> 5. Remove the worm entry from the registry.
> 6. Uninstall the Windows Scripting host.
> 7. Delete infected files from Quarantine.
> 8. Clear deleted items folder.
> 9. Install the Microsoft patch.
> 10. Take action after installing the Microsoft patch.
>

Relevant Pages

  • Re: Agent 4.0 Well Worth The $15
    ... If you had seen Windows newsreaders in action,a ... Sandman, I'm sorry to inform you, but Microsoft Outlook for Windows ... Microsoft Outlook Express has NONE of Microsoft Office Outlook's ...
    (comp.sys.mac.advocacy)
  • Re: How to send meeting request from ASP .NET using VB
    ... Here is the info on using CDO in Outlook ... You can install Microsoft Outlook in two different modes: ...
    (microsoft.public.office.developer.outlook.vba)
  • Re: how do I create a hyperlink
    ... web addresses with hyperlinks" were correctly checked. ... illiterate jerk who can't figure out this Microsoft stuff.) ... Author of Configuring Microsoft Outlook 2003 ... I have an 8th grade diploma (and a master's degree in engineering, ...
    (microsoft.public.outlook)
  • Re: Outlook 2003 hangs on send/receive
    ... See AlsoApplies ToExampleSpecificsOccurs when Microsoft Outlook encounters ... This event is not available in Microsoft Visual Basic ... displays a message box describing the synchronization error when an error ... Because the Download progress is to download information from server, ...
    (microsoft.public.office.developer.com.add_ins)
  • Re: last 24 hour port scan log
    ... > because they didn't install a Microsoft patch. ... it doesn't "make them stupid and morons" (M$ products do that by ...
    (comp.security.firewalls)