I recently changed malware/virus protection and it detected vbs loveletter in my cache. This could explain some odd behaviour lately! All now dealt with, but I thought this spread by opening dodgy attachments? I always delete strange mail on sight. Or could it have got there through a genuine mail or just through surfing?
Cheers.
VBS Loveletter C found in firefox profile cache
-
poppy3
- Guest
vbs loveletter
I forgot to say that I periodically delete my cache yet somehow this remained.
-
brucine
- Posts: 68
- Joined: December 23rd, 2007, 5:36 am
As Loveletter rewrites several files, manual removal is very difficult.
As a general rule, as long as the corrupted dll, exe or vbs script remains on your disk, deleting the cache is of no use since the infected files are created again at each start up.
You need a specific tool like:
http://www.symantec.com/security_respon ... 09-4441-99
And of course you must, if not allready the case, force your system to show hidden files and extensions,e.g. xxx.dll.vbs instead of xxx.dll.
What is curious is that Loveletter is indeed bound to mail (more specifically Outlook), and i suppose it can express itself even without opening the mail if you receive mail in html format and read therein some kind of script. It is also said to be spread through IRC or loading scripts on "darkside" websites.
Hereby, it needs IE to express itself and one should, if not allready done, firewall deny IE.
One can keep himself from this kind of infection by choosing mail only in text format and either disabling the vbs extension, either making the default option for it to be opened with Notepad.
As a general rule, as long as the corrupted dll, exe or vbs script remains on your disk, deleting the cache is of no use since the infected files are created again at each start up.
You need a specific tool like:
http://www.symantec.com/security_respon ... 09-4441-99
And of course you must, if not allready the case, force your system to show hidden files and extensions,e.g. xxx.dll.vbs instead of xxx.dll.
What is curious is that Loveletter is indeed bound to mail (more specifically Outlook), and i suppose it can express itself even without opening the mail if you receive mail in html format and read therein some kind of script. It is also said to be spread through IRC or loading scripts on "darkside" websites.
Hereby, it needs IE to express itself and one should, if not allready done, firewall deny IE.
One can keep himself from this kind of infection by choosing mail only in text format and either disabling the vbs extension, either making the default option for it to be opened with Notepad.
-
VanillaMozilla
- Posts: 13808
- Joined: November 7th, 2005, 11:26 am
Contrary to what brucine has written, anything in your Firefox cache is considered harmless. See this post http://forums.mozillazine.org/viewtopic ... 01#3241601 for a recent explanation.
Just be aware that if you try to run any programs that you download or receive in e-mails, Firefox cannot protect you against that. By design, Firefox will not run such scripts -- but YOU can. Just don't do it.
By the way, I can't think of any reason to delete your cache periodically. It empties itself as needed to make room for more. And if there's anything harmful there, it was harmful BEFORE you emptied the cache, wasn't it?
And don't discount the possibility of a false alarm. This sometimes happens.
Just be aware that if you try to run any programs that you download or receive in e-mails, Firefox cannot protect you against that. By design, Firefox will not run such scripts -- but YOU can. Just don't do it.
By the way, I can't think of any reason to delete your cache periodically. It empties itself as needed to make room for more. And if there's anything harmful there, it was harmful BEFORE you emptied the cache, wasn't it?
And don't discount the possibility of a false alarm. This sometimes happens.
-
Anonymosity
- Posts: 8779
- Joined: May 7th, 2007, 12:07 pm
What is curious is that Loveletter is indeed bound to mail (more specifically Outlook), and i suppose it can express itself even without opening the mail if you receive mail in html format and read therein some kind of script.
If you do not open the mail message, you cannot have html rendered in it and therefore no scripts are going to be run. If you read the mail message as plain text, the same situation applies. Scripts will not be run.
By the way, I can't think of any reason to delete your cache periodically. It empties itself as needed to make room for more.
If Firefox has to stop and clear things out of the cache to make room for more, that will slow it down.
-
VanillaMozilla
- Posts: 13808
- Joined: November 7th, 2005, 11:26 am
-
jscher2000
- Posts: 11762
- Joined: December 19th, 2004, 12:26 am
- Location: Silicon Valley, CA USA
- Contact:
Re: VBS Loveletter C found in firefox profile cache
poppy3 wrote:I recently changed malware/virus protection and it detected vbs loveletter in my cache. This could explain some odd behaviour lately!
Firefox doesn't run VBScript. It might download the code when you retrieve the message, but the script will just be ignored.
However, if you use the IETab extension to read email, then messages you open within that tab could run VBScript. But probably those would appear in IE's Temporary Internet Files folder rather than Firefox's cache.
So my best guess is that particular script never ran, and any problems with the PC have other causes.