Re: AV-warning about batHEX.tmp
Hi,

on Mon, 15 Feb 2010 22:28:45 +0100GMT (15.02.2010, 22:28 +0100GMT here), Jernej Simončič wrote:

JS> On Monday, February 15, 2010, 22:15:38, Peter Meyns wrote:

>> I don't really worry about this, as Avira blocks it anyway, I'm just curious. Is this The Bat!'s problem or Avira's?

JS> Avira's - TB downloads the messages to a temporary folder first, but
JS> your AV intercepts it there.

I found the culprit via the mail dispatcher. As it was on an account that I don't use for PayPal, it was most certainly a PayPal spoofing scam - the headers looked accordingly - that was intercepted by Avira and therefore not downloaded. So The Bat! tried again and again to download the message with the aforementioned results. Now I deleted it from the server and I'm sure the alerts will stop - until the next spoof arrives.

Thank you Jernej and MFPA for your help.

--
Cheers
Peter

'There are two major products that come out of Berkeley; LSD and BSD Unix. We don't believe this to be a coincidence.'

Current version is 4.2.23 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html

AV-warning about batHEX.tmp
Hi all,

since a couple of weeks I keep getting warnings from Avira about C:\Documents and Settings\user\Local Settings\Temp\batHEX.tmp, where HEX is a hexadecimal number from one to three digits. According to Avira it contains signs of an HTML/Spoofing.Gen. It only occurs when The Bat! downloads messages, but it doesn't always occur when downloading messages.

Any ideas? I don't really worry about this, as Avira blocks it anyway, I'm just curious. Is this The Bat!'s problem or Avira's?

--
Cheers
Peter

The Bat! Pro v4.2.23 on WinXP, SP3, 5, 1, build 2600, AMD Athlon 2200+ at 1794 MHz, 1024 MB RAM

Re: AV-warning about batHEX.tmp
On Monday, February 15, 2010, 22:15:38, Peter Meyns wrote:

> I don't really worry about this, as Avira blocks it anyway, I'm just curious. Is this The Bat!'s problem or Avira's?

Avira's - TB downloads the messages to a temporary folder first, but your AV intercepts it there.

--
Jernej Simončič
http://eternallybored.org/

A smoker is always attracted to the non-smoking section.
-- Dhawan's Third Law for the Non-Smoker

Re: AV-warning about batHEX.tmp
Hi

On Monday 15 February 2010 at 9:15:38 PM, in mid:523294134.20100215221...@nosuchdomain.com, Peter Meyns wrote:

> since a couple of weeks I keep getting warnings from Avira about C:\Documents and Settings\user\Local Settings\Temp\batHEX.tmp, where HEX is a hexadecimal number from one to three digits. According to Avira it contains signs of an HTML/Spoofing.Gen. It only occurs, when The Bat! downloads messages, but it doesn't always occur when downloading messages. Any ideas? I don't really worry about this, as Avira blocks it anyway, I'm just curious. Is this The Bat!'s problem or Avira's?

My guess is either you are sometimes receiving emails containing a malicious script in connection with a phishing/URL spoofing scam, or it's a false positive.

Googling HTML/Spoofing.Gen the first result is at http://www.avira.com/en/threats/section/fulldetails/id_vir/4139/html_spoofing.gen.html and I quote:-

    Special detection HTML/Spoofing.Gen

    Description: A Homepage can use a HTML trick to fool the user. This is called spoofing. Very often the URL of a homepage is not displayed correctly and the user thinks he is visiting a banking site. In reality he visits a page created by the malware author which looks like a banking site to steal users identities and passwords.

    Version history: The following engine updates were released in order to enhance detection:
    • 7.08.00.04 ( 08/04/2007 )
    • 7.09.00.04 ( 15/10/2008 )
    • 7.09.00.26 ( 05/11/2008 )
    [snipped most of the list]
    • 7.09.01.146/8.02.01.146 ( 20/01/2010 )
    • 7.09.01.150/8.02.01.150 ( 22/01/2010 )
    • 7.09.01.156/8.02.01.156 ( 01/02/2010 )

Note the latest update to improve detection was a couple of weeks ago.

One of my search results was a post from an Outlook user who was getting that warning when sending/receiving mail last May, and another was from somebody a year ago who was getting that same warning when opening PayPal's website (no mention of which browser but some of the info suggests it exploits an IE vulnerability).

--
Best regards
MFPA mailto:expires2...@ymail.com

No matter where you go, there you are.

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600